hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update test output

Browse Source 
These files conflicted and have been regenerated.
This commit is contained in:
Asger F
2024-08-22 13:37:09 +02:00
parent 423fd04545
commit a2dd47aeb2
6 changed files with 303 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

410
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

@@ -41,103 +41,99 @@ nodes
| TaintedPath.js:58:54:58:57 | path | semmle.label | path |
| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) |
| TaintedPath.js:60:57:60:60 | path | semmle.label | path |
| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") |
| TaintedPath.js:77:31:77:70 | require ... eq.url) | semmle.label | require ... eq.url) |
| TaintedPath.js:77:31:77:76 | require ... ).query | semmle.label | require ... ).query |
| TaintedPath.js:77:63:77:69 | req.url | semmle.label | req.url |
| TaintedPath.js:78:31:78:68 | require ... eq.url) | semmle.label | require ... eq.url) |
| TaintedPath.js:78:31:78:74 | require ... ).query | semmle.label | require ... ).query |
| TaintedPath.js:78:61:78:67 | req.url | semmle.label | req.url |
| TaintedPath.js:79:31:79:67 | require ... eq.url) | semmle.label | require ... eq.url) |
| TaintedPath.js:79:31:79:73 | require ... ).query | semmle.label | require ... ).query |
| TaintedPath.js:79:60:79:66 | req.url | semmle.label | req.url |
| TaintedPath.js:87:48:87:60 | req.params[0] | semmle.label | req.params[0] |
| TaintedPath.js:95:30:95:31 | ev | semmle.label | ev |
| TaintedPath.js:96:24:96:25 | ev | semmle.label | ev |
| TaintedPath.js:96:24:96:30 | ev.data | semmle.label | ev.data |
| TaintedPath.js:100:6:100:47 | path | semmle.label | path |
| TaintedPath.js:100:13:100:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:100:13:100:42 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:100:13:100:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:100:23:100:29 | req.url | semmle.label | req.url |
| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) |
| TaintedPath.js:102:44:102:47 | path | semmle.label | path |
| TaintedPath.js:103:14:103:17 | path | semmle.label | path |
| TaintedPath.js:104:32:104:39 | realpath | semmle.label | realpath |
| TaintedPath.js:105:45:105:52 | realpath | semmle.label | realpath |
| TaintedPath.js:136:6:136:47 | path | semmle.label | path |
| TaintedPath.js:136:13:136:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:136:13:136:42 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:136:13:136:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:136:23:136:29 | req.url | semmle.label | req.url |
| TaintedPath.js:138:23:138:26 | path | semmle.label | path |
| TaintedPath.js:142:7:142:48 | path | semmle.label | path |
| TaintedPath.js:142:14:142:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:142:14:142:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:142:14:142:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:142:24:142:30 | req.url | semmle.label | req.url |
| TaintedPath.js:144:19:144:22 | path | semmle.label | path |
| TaintedPath.js:146:7:146:29 | split | semmle.label | split |
| TaintedPath.js:146:15:146:18 | path | semmle.label | path |
| TaintedPath.js:146:15:146:29 | path.split("/") | semmle.label | path.split("/") |
| TaintedPath.js:148:19:148:23 | split | semmle.label | split |
| TaintedPath.js:148:19:148:33 | split.join("/") | semmle.label | split.join("/") |
| TaintedPath.js:152:19:152:23 | split | semmle.label | split |
| TaintedPath.js:152:19:152:26 | split[x] | semmle.label | split[x] |
| TaintedPath.js:153:19:153:35 | prefix + split[x] | semmle.label | prefix + split[x] |
| TaintedPath.js:153:28:153:32 | split | semmle.label | split |
| TaintedPath.js:153:28:153:35 | split[x] | semmle.label | split[x] |
| TaintedPath.js:155:7:155:38 | concatted | semmle.label | concatted |
| TaintedPath.js:155:19:155:38 | prefix.concat(split) | semmle.label | prefix.concat(split) |
| TaintedPath.js:155:33:155:37 | split | semmle.label | split |
| TaintedPath.js:156:19:156:27 | concatted | semmle.label | concatted |
| TaintedPath.js:156:19:156:37 | concatted.join("/") | semmle.label | concatted.join("/") |
| TaintedPath.js:158:7:158:39 | concatted2 | semmle.label | concatted2 |
| TaintedPath.js:158:20:158:24 | split | semmle.label | split |
| TaintedPath.js:158:20:158:39 | split.concat(prefix) | semmle.label | split.concat(prefix) |
| TaintedPath.js:159:19:159:28 | concatted2 | semmle.label | concatted2 |
| TaintedPath.js:159:19:159:38 | concatted2.join("/") | semmle.label | concatted2.join("/") |
| TaintedPath.js:161:19:161:23 | split | semmle.label | split |
| TaintedPath.js:161:19:161:29 | split.pop() | semmle.label | split.pop() |
| TaintedPath.js:166:7:166:48 | path | semmle.label | path |
| TaintedPath.js:166:14:166:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:166:14:166:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:166:14:166:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:166:24:166:30 | req.url | semmle.label | req.url |
| TaintedPath.js:170:29:170:32 | path | semmle.label | path |
| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:176:29:176:32 | path | semmle.label | path |
| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:177:29:177:32 | path | semmle.label | path |
| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:178:29:178:32 | path | semmle.label | path |
| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:179:29:179:32 | path | semmle.label | path |
| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') |
| TaintedPath.js:194:40:194:43 | path | semmle.label | path |
| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') |
| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') |
| TaintedPath.js:195:50:195:53 | path | semmle.label | path |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo |
| TaintedPath.js:203:38:203:44 | req.url | semmle.label | req.url |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | semmle.label | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | semmle.label | req.url |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo |
| TaintedPath.js:206:44:206:50 | req.url | semmle.label | req.url |
| TaintedPath.js:211:7:211:48 | path | semmle.label | path |
| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url |
| TaintedPath.js:212:31:212:34 | path | semmle.label | path |
| TaintedPath.js:213:45:213:48 | path | semmle.label | path |
| TaintedPath.js:214:35:214:38 | path | semmle.label | path |
| TaintedPath.js:65:31:65:70 | require ... eq.url) | semmle.label | require ... eq.url) |
| TaintedPath.js:65:31:65:76 | require ... ).query | semmle.label | require ... ).query |
| TaintedPath.js:65:63:65:69 | req.url | semmle.label | req.url |
| TaintedPath.js:66:31:66:68 | require ... eq.url) | semmle.label | require ... eq.url) |
| TaintedPath.js:66:31:66:74 | require ... ).query | semmle.label | require ... ).query |
| TaintedPath.js:66:61:66:67 | req.url | semmle.label | req.url |
| TaintedPath.js:67:31:67:67 | require ... eq.url) | semmle.label | require ... eq.url) |
| TaintedPath.js:67:31:67:73 | require ... ).query | semmle.label | require ... ).query |
| TaintedPath.js:67:60:67:66 | req.url | semmle.label | req.url |
| TaintedPath.js:75:48:75:60 | req.params[0] | semmle.label | req.params[0] |
| TaintedPath.js:84:6:84:47 | path | semmle.label | path |
| TaintedPath.js:84:13:84:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:84:13:84:42 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:84:13:84:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:84:23:84:29 | req.url | semmle.label | req.url |
| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) |
| TaintedPath.js:86:44:86:47 | path | semmle.label | path |
| TaintedPath.js:87:14:87:17 | path | semmle.label | path |
| TaintedPath.js:88:32:88:39 | realpath | semmle.label | realpath |
| TaintedPath.js:89:45:89:52 | realpath | semmle.label | realpath |
| TaintedPath.js:120:6:120:47 | path | semmle.label | path |
| TaintedPath.js:120:13:120:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:120:13:120:42 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:120:13:120:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:120:23:120:29 | req.url | semmle.label | req.url |
| TaintedPath.js:122:23:122:26 | path | semmle.label | path |
| TaintedPath.js:126:7:126:48 | path | semmle.label | path |
| TaintedPath.js:126:14:126:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:126:14:126:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:126:24:126:30 | req.url | semmle.label | req.url |
| TaintedPath.js:128:19:128:22 | path | semmle.label | path |
| TaintedPath.js:130:7:130:29 | split | semmle.label | split |
| TaintedPath.js:130:15:130:18 | path | semmle.label | path |
| TaintedPath.js:130:15:130:29 | path.split("/") | semmle.label | path.split("/") |
| TaintedPath.js:132:19:132:23 | split | semmle.label | split |
| TaintedPath.js:132:19:132:33 | split.join("/") | semmle.label | split.join("/") |
| TaintedPath.js:136:19:136:23 | split | semmle.label | split |
| TaintedPath.js:136:19:136:26 | split[x] | semmle.label | split[x] |
| TaintedPath.js:137:19:137:35 | prefix + split[x] | semmle.label | prefix + split[x] |
| TaintedPath.js:137:28:137:32 | split | semmle.label | split |
| TaintedPath.js:137:28:137:35 | split[x] | semmle.label | split[x] |
| TaintedPath.js:139:7:139:38 | concatted | semmle.label | concatted |
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | semmle.label | prefix.concat(split) |
| TaintedPath.js:139:33:139:37 | split | semmle.label | split |
| TaintedPath.js:140:19:140:27 | concatted | semmle.label | concatted |
| TaintedPath.js:140:19:140:37 | concatted.join("/") | semmle.label | concatted.join("/") |
| TaintedPath.js:142:7:142:39 | concatted2 | semmle.label | concatted2 |
| TaintedPath.js:142:20:142:24 | split | semmle.label | split |
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | semmle.label | split.concat(prefix) |
| TaintedPath.js:143:19:143:28 | concatted2 | semmle.label | concatted2 |
| TaintedPath.js:143:19:143:38 | concatted2.join("/") | semmle.label | concatted2.join("/") |
| TaintedPath.js:145:19:145:23 | split | semmle.label | split |
| TaintedPath.js:145:19:145:29 | split.pop() | semmle.label | split.pop() |
| TaintedPath.js:150:7:150:48 | path | semmle.label | path |
| TaintedPath.js:150:14:150:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:150:14:150:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:150:14:150:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:150:24:150:30 | req.url | semmle.label | req.url |
| TaintedPath.js:154:29:154:32 | path | semmle.label | path |
| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:160:29:160:32 | path | semmle.label | path |
| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:161:29:161:32 | path | semmle.label | path |
| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:162:29:162:32 | path | semmle.label | path |
| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:163:29:163:32 | path | semmle.label | path |
| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') |
| TaintedPath.js:178:40:178:43 | path | semmle.label | path |
| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') |
| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') |
| TaintedPath.js:179:50:179:53 | path | semmle.label | path |
| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) |
| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo |
| TaintedPath.js:187:38:187:44 | req.url | semmle.label | req.url |
| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) |
| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo |
| TaintedPath.js:188:38:188:58 | normali ... eq.url) | semmle.label | normali ... eq.url) |
| TaintedPath.js:188:51:188:57 | req.url | semmle.label | req.url |
| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) |
| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo |
| TaintedPath.js:190:44:190:50 | req.url | semmle.label | req.url |
| TaintedPath.js:195:7:195:48 | path | semmle.label | path |
| TaintedPath.js:195:14:195:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:195:14:195:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:195:14:195:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:195:24:195:30 | req.url | semmle.label | req.url |
| TaintedPath.js:196:31:196:34 | path | semmle.label | path |
| TaintedPath.js:197:45:197:48 | path | semmle.label | path |
| TaintedPath.js:198:35:198:38 | path | semmle.label | path |
| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath |
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) |
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query |
@@ -532,90 +528,87 @@ edges
| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config |
| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config |
| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config |
| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | provenance | Config |
| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | provenance | Config |
| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | provenance | Config |
| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | provenance | Config |
| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | provenance | Config |
| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | provenance | Config |
| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | provenance | |
| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | provenance | Config |
| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | provenance | Config |
| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | provenance | |
| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | provenance | |
| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | provenance | Config |
| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | provenance | |
| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | provenance | Config |
| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | provenance | Config |
| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | provenance | Config |
| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | provenance | |
| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | provenance | |
| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | provenance | Config |
| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | provenance | |
| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | provenance | Config |
| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | provenance | |
| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | provenance | |
| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | provenance | |
| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | provenance | |
| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | provenance | |
| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | provenance | |
| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | provenance | |
| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | provenance | |
| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | provenance | |
| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | provenance | Config |
| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | provenance | |
| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | provenance | Config |
| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | provenance | Config |
| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | provenance | Config |
| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | provenance | Config |
| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | provenance | |
| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | provenance | |
| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | provenance | Config |
| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | provenance | Config |
| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | provenance | |
| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | provenance | Config |
| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | provenance | |
| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | provenance | Config |
| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | provenance | Config |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | provenance | |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | provenance | |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | provenance | |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | provenance | |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | provenance | |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | provenance | |
| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | provenance | |
| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | provenance | |
| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | provenance | Config |
| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | provenance | Config |
| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | provenance | Config |
| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | provenance | Config |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | provenance | Config |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | provenance | Config |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | provenance | Config |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | provenance | Config |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | provenance | Config |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | provenance | Config |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | provenance | Config |
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | provenance | |
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | provenance | |
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | provenance | |
| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | |
| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | provenance | Config |
| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | provenance | Config |
| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | provenance | Config |
| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | provenance | Config |
| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | provenance | Config |
| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | provenance | Config |
| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | provenance | |
| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | provenance | |
| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | provenance | Config |
| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | provenance | |
| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | provenance | Config |
| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | provenance | Config |
| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | provenance | Config |
| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | provenance | |
| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | provenance | |
| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | provenance | Config |
| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | provenance | |
| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | provenance | Config |
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | provenance | |
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | provenance | |
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | provenance | |
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | provenance | |
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | provenance | |
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | provenance | |
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | provenance | |
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | provenance | |
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | provenance | |
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | provenance | Config |
| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | provenance | |
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | provenance | Config |
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | provenance | Config |
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | provenance | Config |
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | provenance | Config |
| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | provenance | |
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | provenance | |
| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | provenance | Config |
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | provenance | Config |
| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | provenance | |
| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | provenance | Config |
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | provenance | |
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | provenance | Config |
| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | provenance | Config |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | provenance | |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | provenance | |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | provenance | |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | provenance | |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | provenance | |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | provenance | |
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | provenance | |
| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | provenance | |
| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | provenance | Config |
| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | provenance | Config |
| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | provenance | Config |
| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | provenance | Config |
| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | provenance | Config |
| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | provenance | Config |
| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | provenance | Config |
| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | provenance | Config |
| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | provenance | Config |
| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | provenance | Config |
| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | provenance | Config |
| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | provenance | Config |
| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | provenance | |
| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | provenance | |
| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | provenance | |
| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | provenance | |
| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | provenance | Config |
| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | |
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config |
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config |
@@ -936,34 +929,33 @@ subpaths
| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | This path depends on a $@. | TaintedPath.js:95:30:95:31 | ev | user-provided value |
| TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:77:63:77:69 | req.url | user-provided value |
| TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:78:61:78:67 | req.url | user-provided value |
| TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:79:60:79:66 | req.url | user-provided value |
| TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:87:48:87:60 | req.params[0] | user-provided value |
| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:100:23:100:29 | req.url | user-provided value |
| TaintedPath.js:105:45:105:52 | realpath | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:105:45:105:52 | realpath | This path depends on a $@. | TaintedPath.js:100:23:100:29 | req.url | user-provided value |
| TaintedPath.js:138:23:138:26 | path | TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:138:23:138:26 | path | This path depends on a $@. | TaintedPath.js:136:23:136:29 | req.url | user-provided value |
| TaintedPath.js:144:19:144:22 | path | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:144:19:144:22 | path | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:148:19:148:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:152:19:152:26 | split[x] | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:152:19:152:26 | split[x] | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:153:19:153:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:156:19:156:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:159:19:159:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:161:19:161:29 | split.pop() | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:203:38:203:44 | req.url | user-provided value |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:204:51:204:57 | req.url | user-provided value |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:206:44:206:50 | req.url | user-provided value |
| TaintedPath.js:212:31:212:34 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:212:31:212:34 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
| TaintedPath.js:213:45:213:48 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:45:213:48 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
| TaintedPath.js:214:35:214:38 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:214:35:214:38 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
| TaintedPath.js:65:31:65:76 | require ... ).query | TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:65:63:65:69 | req.url | user-provided value |
| TaintedPath.js:66:31:66:74 | require ... ).query | TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:66:61:66:67 | req.url | user-provided value |
| TaintedPath.js:67:31:67:73 | require ... ).query | TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:67:60:67:66 | req.url | user-provided value |
| TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:75:48:75:60 | req.params[0] | user-provided value |
| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value |
| TaintedPath.js:89:45:89:52 | realpath | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:89:45:89:52 | realpath | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value |
| TaintedPath.js:122:23:122:26 | path | TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:122:23:122:26 | path | This path depends on a $@. | TaintedPath.js:120:23:120:29 | req.url | user-provided value |
| TaintedPath.js:128:19:128:22 | path | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:128:19:128:22 | path | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:132:19:132:33 | split.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:132:19:132:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:136:19:136:26 | split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:136:19:136:26 | split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:137:19:137:35 | prefix + split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:137:19:137:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:140:19:140:37 | concatted.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:140:19:140:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:143:19:143:38 | concatted2.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:143:19:143:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:145:19:145:29 | split.pop() | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:145:19:145:29 | split.pop() | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:187:38:187:44 | req.url | user-provided value |
| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:188:51:188:57 | req.url | user-provided value |
| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:190:44:190:50 | req.url | user-provided value |
| TaintedPath.js:196:31:196:34 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:196:31:196:34 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
| TaintedPath.js:197:45:197:48 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:197:45:197:48 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
| TaintedPath.js:198:35:198:38 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:198:35:198:38 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value |
| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value |
| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |

8
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
View File

@@ -27,6 +27,10 @@ nodes
| angular2-client.ts:38:44:38:58 | this.router.url | semmle.label | this.router.url |
| angular2-client.ts:40:45:40:59 | this.router.url | semmle.label | this.router.url |
| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | semmle.label | routeSn ... ('foo') |
| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") |
| angular-tempate-url.js:13:30:13:31 | ev | semmle.label | ev |
| angular-tempate-url.js:14:26:14:27 | ev | semmle.label | ev |
| angular-tempate-url.js:14:26:14:32 | ev.data | semmle.label | ev.data |
| classnames.js:7:31:7:84 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) |
| classnames.js:7:58:7:68 | window.name | semmle.label | window.name |
@@ -636,6 +640,9 @@ edges
| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | provenance | |
| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | provenance | |
| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | provenance | |
| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | provenance | |
| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | provenance | |
| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | provenance | |
| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span ... <span>` | provenance | |
| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | |
| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `<span ... <span>` | provenance | |
@@ -1243,6 +1250,7 @@ subpaths
| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:38:44:38:58 | this.router.url | user-provided value |
| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:40:45:40:59 | this.router.url | user-provided value |
| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | user-provided value |
| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | Cross-site scripting vulnerability due to $@. | angular-tempate-url.js:13:30:13:31 | ev | user-provided value |
| classnames.js:7:31:7:84 | `<span ... <span>` | classnames.js:7:58:7:68 | window.name | classnames.js:7:31:7:84 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:7:58:7:68 | window.name | user-provided value |
| classnames.js:8:31:8:85 | `<span ... <span>` | classnames.js:8:59:8:69 | window.name | classnames.js:8:31:8:85 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:8:59:8:69 | window.name | user-provided value |
| classnames.js:9:31:9:85 | `<span ... <span>` | classnames.js:9:59:9:69 | window.name | classnames.js:9:31:9:85 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:9:59:9:69 | window.name | user-provided value |

7
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
View File

@@ -27,6 +27,10 @@ nodes
| angular2-client.ts:38:44:38:58 | this.router.url | semmle.label | this.router.url |
| angular2-client.ts:40:45:40:59 | this.router.url | semmle.label | this.router.url |
| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | semmle.label | routeSn ... ('foo') |
| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") |
| angular-tempate-url.js:13:30:13:31 | ev | semmle.label | ev |
| angular-tempate-url.js:14:26:14:27 | ev | semmle.label | ev |
| angular-tempate-url.js:14:26:14:32 | ev.data | semmle.label | ev.data |
| classnames.js:7:31:7:84 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) |
| classnames.js:7:58:7:68 | window.name | semmle.label | window.name |
@@ -657,6 +661,9 @@ edges
| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | provenance | |
| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | provenance | |
| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | provenance | |
| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | provenance | |
| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | provenance | |
| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | provenance | |
| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span ... <span>` | provenance | |
| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | |
| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `<span ... <span>` | provenance | |

1
javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected
View File

@@ -82,6 +82,7 @@ nodes
| build-leaks.js:41:82:41:83 | pw | semmle.label | pw |
subpaths
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env [Return] | build-leaks.js:25:12:25:13 | [post update] {} |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |

18
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
View File

@@ -39,10 +39,9 @@ edges
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | provenance | |
| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | provenance | |
| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | provenance | |
| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | provenance | |
| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data | provenance | |
| tst.js:2:16:2:16 | e | tst.js:2:9:2:21 | data | provenance | |
| tst.js:3:21:3:24 | data | tst.js:3:16:3:35 | "^"+ data.name + "$" | provenance | |
| tst.js:5:9:5:29 | data | tst.js:6:21:6:24 | data | provenance | |
| tst.js:5:16:5:29 | req.query.data | tst.js:5:9:5:29 | data | provenance | |
| tst.js:6:21:6:24 | data | tst.js:6:16:6:35 | "^"+ data.name + "$" | provenance | |
nodes
| RegExpInjection.js:5:7:5:28 | key | semmle.label | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | semmle.label | req.param("key") |
@@ -89,11 +88,10 @@ nodes
| RegExpInjection.js:91:20:91:30 | process.env | semmle.label | process.env |
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
| RegExpInjection.js:93:20:93:31 | process.argv | semmle.label | process.argv |
| tst.js:1:46:1:46 | e | semmle.label | e |
| tst.js:2:9:2:21 | data | semmle.label | data |
| tst.js:2:16:2:16 | e | semmle.label | e |
| tst.js:3:16:3:35 | "^"+ data.name + "$" | semmle.label | "^"+ data.name + "$" |
| tst.js:3:21:3:24 | data | semmle.label | data |
| tst.js:5:9:5:29 | data | semmle.label | data |
| tst.js:5:16:5:29 | req.query.data | semmle.label | req.query.data |
| tst.js:6:16:6:35 | "^"+ data.name + "$" | semmle.label | "^"+ data.name + "$" |
| tst.js:6:21:6:24 | data | semmle.label | data |
subpaths
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | RegExpInjection.js:11:20:11:27 | wrap2(s) |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:19:14:19:22 | wrap(key) |
@@ -116,4 +114,4 @@ subpaths
| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | This regular expression is constructed from a $@. | RegExpInjection.js:82:15:82:32 | req.param("input") | user-provided value |
| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:91:20:91:30 | process.env | environment variable |
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:93:20:93:31 | process.argv | command-line argument |
| tst.js:3:16:3:35 | "^"+ data.name + "$" | tst.js:1:46:1:46 | e | tst.js:3:16:3:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:1:46:1:46 | e | user-provided value |
| tst.js:6:16:6:35 | "^"+ data.name + "$" | tst.js:5:16:5:29 | req.query.data | tst.js:6:16:6:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:5:16:5:29 | req.query.data | user-provided value |

79
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -32,11 +32,38 @@ edges
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | provenance | Config |
| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | provenance | Config |
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | provenance | Config |
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | provenance | Config |
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | provenance | |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | provenance | |
| HardcodedCredentials.js:248:9:248:42 | publicKey | HardcodedCredentials.js:249:23:249:31 | publicKey | provenance | |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:9:248:42 | publicKey | provenance | |
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | provenance | Config |
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | |
| HardcodedCredentials.js:308:9:308:44 | privateKey | HardcodedCredentials.js:309:34:309:43 | privateKey | provenance | |
| HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:308:9:308:44 | privateKey | provenance | |
| HardcodedCredentials.js:316:9:316:44 | privateKey | HardcodedCredentials.js:317:52:317:61 | privateKey | provenance | |
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:316:9:316:44 | privateKey | provenance | |
| HardcodedCredentials.js:317:52:317:61 | privateKey | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | provenance | Config |
| HardcodedCredentials.js:319:11:321:29 | spki | HardcodedCredentials.js:322:43:322:46 | spki | provenance | |
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:11:321:29 | spki | provenance | |
| HardcodedCredentials.js:322:9:322:56 | publicKey | HardcodedCredentials.js:323:27:323:35 | publicKey | provenance | |
| HardcodedCredentials.js:322:21:322:56 | await j ... RS256') | HardcodedCredentials.js:322:9:322:56 | publicKey | provenance | |
| HardcodedCredentials.js:322:43:322:46 | spki | HardcodedCredentials.js:322:21:322:56 | await j ... RS256') | provenance | Config |
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) | provenance | Config |
| HardcodedCredentials.js:331:5:331:46 | publicKey | HardcodedCredentials.js:335:31:335:39 | publicKey | provenance | |
| HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) | HardcodedCredentials.js:331:5:331:46 | publicKey | provenance | |
| HardcodedCredentials.js:344:9:344:43 | secretKey | HardcodedCredentials.js:349:21:349:29 | secretKey | provenance | |
| HardcodedCredentials.js:344:9:344:43 | secretKey | HardcodedCredentials.js:360:33:360:41 | secretKey | provenance | |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:9:344:43 | secretKey | provenance | |
| HardcodedCredentials.js:360:33:360:41 | secretKey | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | provenance | Config |
| HardcodedCredentials.js:375:9:375:43 | secretKey | HardcodedCredentials.js:378:24:378:32 | secretKey | provenance | |
| HardcodedCredentials.js:375:9:375:43 | secretKey | HardcodedCredentials.js:385:31:385:39 | secretKey | provenance | |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:9:375:43 | secretKey | provenance | |
| HardcodedCredentials.js:396:9:396:43 | secretKey | HardcodedCredentials.js:399:17:399:25 | secretKey | provenance | |
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:9:396:43 | secretKey | provenance | |
| HardcodedCredentials.js:414:9:414:43 | secretKey | HardcodedCredentials.js:416:27:416:35 | secretKey | provenance | |
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:9:414:43 | secretKey | provenance | |
nodes
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' |
@@ -131,6 +158,9 @@ nodes
| HardcodedCredentials.js:245:9:245:44 | privateKey | semmle.label | privateKey |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:246:42:246:51 | privateKey | semmle.label | privateKey |
| HardcodedCredentials.js:248:9:248:42 | publicKey | semmle.label | publicKey |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | semmle.label | "myHard ... licKey" |
| HardcodedCredentials.js:249:23:249:31 | publicKey | semmle.label | publicKey |
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | semmle.label | `Basic foo` |
| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | semmle.label | `${foo ... Token}` |
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | semmle.label | foo ? ' ... 'OAuth' |
@@ -156,6 +186,40 @@ nodes
| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | semmle.label | 'SampleToken' |
| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | semmle.label | 'MyPassword' |
| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | semmle.label | 'iubfew ... ybgera' |
| HardcodedCredentials.js:308:9:308:44 | privateKey | semmle.label | privateKey |
| HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:309:34:309:43 | privateKey | semmle.label | privateKey |
| HardcodedCredentials.js:316:9:316:44 | privateKey | semmle.label | privateKey |
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | semmle.label | new Tex ... ateKey) |
| HardcodedCredentials.js:317:52:317:61 | privateKey | semmle.label | privateKey |
| HardcodedCredentials.js:319:11:321:29 | spki | semmle.label | spki |
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | semmle.label | `-----B ... Y-----` |
| HardcodedCredentials.js:322:9:322:56 | publicKey | semmle.label | publicKey |
| HardcodedCredentials.js:322:21:322:56 | await j ... RS256') | semmle.label | await j ... RS256') |
| HardcodedCredentials.js:322:43:322:46 | spki | semmle.label | spki |
| HardcodedCredentials.js:323:27:323:35 | publicKey | semmle.label | publicKey |
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | semmle.label | 'whYOFK ... -6f...' |
| HardcodedCredentials.js:331:5:331:46 | publicKey | semmle.label | publicKey |
| HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) | semmle.label | await j ... k, alg) |
| HardcodedCredentials.js:335:31:335:39 | publicKey | semmle.label | publicKey |
| HardcodedCredentials.js:344:9:344:43 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:349:21:349:29 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | semmle.label | Buffer. ... ase64") |
| HardcodedCredentials.js:360:33:360:41 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:375:9:375:43 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:378:24:378:32 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:385:31:385:39 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:396:9:396:43 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:399:17:399:25 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:414:9:414:43 | secretKey | semmle.label | secretKey |
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
| HardcodedCredentials.js:416:27:416:35 | secretKey | semmle.label | secretKey |
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' |
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' |
subpaths
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
@@ -219,7 +283,20 @@ subpaths
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | authorization header |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | key |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | jwt key |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:249:23:249:31 | publicKey | The hard-coded value "myHardCodedPublicKey" is used as $@. | HardcodedCredentials.js:249:23:249:31 | publicKey | jwt key |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | The hard-coded value "Basic sdsdag:sdsdag" is used as $@. | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | authorization header |
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | The hard-coded value "Basic sdsdag:aaaiuogrweuibgbbbbb" is used as $@. | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | authorization header |
| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | The hard-coded value "iubfewiaaweiybgaeuybgera" is used as $@. | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | key |
| HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:309:34:309:43 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:309:34:309:43 | privateKey | jwt key |
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | jwt key |
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:323:27:323:35 | publicKey | The hard-coded value "-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9...\n -----END PUBLIC KEY-----" is used as $@. | HardcodedCredentials.js:323:27:323:35 | publicKey | jwt key |
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:335:31:335:39 | publicKey | The hard-coded value "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6f..." is used as $@. | HardcodedCredentials.js:335:31:335:39 | publicKey | jwt key |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:349:21:349:29 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:349:21:349:29 | secretKey | jwt key |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | jwt key |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:378:24:378:32 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:378:24:378:32 | secretKey | jwt key |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | jwt key |
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | jwt key |
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | jwt key |
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name |
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | password |