mirror of
https://github.com/github/codeql.git
synced 2026-04-30 19:26:02 +02:00
require that a write must dominate the enclosing stmt of a read
This commit is contained in:
Erik Krogh Kristensen
@@ -444,7 +444,7 @@ module AccessPath {
|
||||
ref = getAccessTo(root, path, _) and
|
||||
ref.getBasicBlock() = bb
|
||||
|
|
||||
ref order by any(int i | ref.asExpr() = bb.getNode(i))
|
||||
ref order by any(int i | ref.asExpr().getEnclosingStmt() = bb.getNode(i))
|
||||
) and
|
||||
result = getAccessTo(root, path, type)
|
||||
}
|
||||
@@ -489,7 +489,7 @@ module AccessPath {
|
||||
// across basic blocks.
|
||||
exists(Root root, string path |
|
||||
read = getAccessTo(root, path, AccessPathRead()) and
|
||||
getAWriteBlock(root, path).strictlyDominates(read.getBasicBlock())
|
||||
getAWriteBlock(root, path).strictlyDominates(read.asExpr().getEnclosingStmt().getBasicBlock())
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2368,6 +2368,105 @@ nodes
|
||||
| tainted-access-paths.js:26:19:26:26 | obj.sub3 |
|
||||
| tainted-access-paths.js:26:19:26:26 | obj.sub3 |
|
||||
| tainted-access-paths.js:26:19:26:26 | obj.sub3 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") |
|
||||
@@ -6231,6 +6330,54 @@ edges
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj |
|
||||
| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj |
|
||||
| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj |
|
||||
| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj |
|
||||
@@ -6327,6 +6474,102 @@ edges
|
||||
| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 |
|
||||
| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 |
|
||||
| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") |
|
||||
| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") |
|
||||
| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") |
|
||||
@@ -7230,6 +7473,9 @@ edges
|
||||
| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
|
||||
| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | a user-provided value |
|
||||
| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | a user-provided value |
|
||||
|
||||
@@ -24,6 +24,11 @@ var server = http.createServer(function(req, res) {
|
||||
obj.sub3 = "safe"
|
||||
}
|
||||
fs.readFileSync(obj.sub3); // NOT OK
|
||||
|
||||
obj.sub4 =
|
||||
fs.readFileSync(obj.sub4) ? // NOT OK
|
||||
fs.readFileSync(obj.sub4) : // NOT OK
|
||||
fs.readFileSync(obj.sub4); // NOT OK
|
||||
});
|
||||
|
||||
server.listen();
|
||||
|
||||
Reference in New Issue
Block a user