update tests

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected

@@ -23,6 +23,26 @@
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:28:28:28:30 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:29:33:29:35 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:30:26:30:28 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:31:26:31:28 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:32:26:32:28 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:39:26:39:28 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:56:54:56:56 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:85:37:85:54 | req.query.fileName |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:10:40:10:46 | command |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:15:44:15:50 | command |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:33:12:33:69 | "http:/ ... ry.user |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:34:44:34:46 | cmd |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:7:33:7:38 | remote |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:9:29:9:34 | remote |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:20:35:20:40 | remote |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:26:35:26:40 | remote |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:31:27:31:40 | req.query.args |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:40:28:40:43 | req.query.remote |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:42:31:42:46 | req.query.remote |
+| DomBasedXssAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:46:34:46:49 | req.query.remote |
 | DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
 | DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
 | DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
@@ -137,6 +157,9 @@
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
+| NosqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:85:37:85:54 | req.query.fileName |
+| NosqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:33:12:33:69 | "http:/ ... ry.user |
+| NosqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:34:33:34:48 | { command: cmd } |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } |
@@ -191,6 +214,114 @@
 | NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url |
 | NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] |
 | NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:5:33:5:60 | path.jo ... "temp") |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/TaintedPath.js:104:32:104:39 | realpath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/TaintedPath.js:104:32:104:39 | realpath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:117:7:117:44 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:122:7:122:10 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:122:7:122:21 | path.startsWith |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:236:7:236:47 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:242:7:242:10 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:242:7:242:20 | path.substring |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:242:7:242:40 | path.su ... length) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:247:7:247:10 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:247:7:247:16 | path.slice |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:247:7:247:36 | path.sl ... length) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:254:7:254:47 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:260:7:260:56 | relative |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:260:18:260:56 | pathMod ... , path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:261:6:261:13 | relative |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:261:6:261:24 | relative.startsWith |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:261:52:261:59 | relative |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:267:7:267:42 | newpath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:268:7:268:85 | relativePath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:268:22:268:85 | pathMod ... ewpath) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:269:7:269:18 | relativePath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:275:7:275:42 | newpath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:276:7:276:85 | relativePath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:276:22:276:85 | pathMod ... ewpath) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:277:7:277:18 | relativePath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:283:7:283:42 | newpath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:283:17:283:42 | pathMod ... e(path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:284:7:284:85 | relativePath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:284:22:284:85 | pathMod ... ewpath) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:285:7:285:40 | pathMod ... vePath) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:291:7:291:42 | newpath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:291:17:291:42 | pathMod ... e(path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:292:7:292:85 | relativePath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:292:22:292:85 | pathMod ... ewpath) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:293:7:293:40 | pathMod ... vePath) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:339:6:339:46 | path |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:343:6:343:35 | abs |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:343:12:343:35 | pathMod ... e(path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:345:6:345:8 | abs |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:352:5:352:12 | rootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:352:5:352:28 | rootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:352:16:352:28 | process.cwd() |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:353:33:353:32 | rootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:358:7:358:51 | requestPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:362:5:362:25 | targetP ... ootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:362:5:362:25 | targetPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:362:18:362:25 | rootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:368:3:368:3 | targetPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:370:22:370:32 | requestPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:370:22:370:32 | requestPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:370:35:370:42 | rootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:370:35:370:42 | rootPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:371:12:371:22 | requestPath |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/tainted-sendFile.js:20:7:20:33 | homeDir |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/tainted-sendFile.js:20:17:20:33 | path.resolve('.') |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:22 | homeDir |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:33 | homeDir + '/data/' |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:22 | homeDir |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:43:7:48 | files1 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:43:7:48 | files1 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:17:5:23:5 | return of function format |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:17:21:17:26 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:17:21:17:26 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:18:13:18:18 | files3 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:18:13:18:23 | files3 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:18:22:18:23 | [] |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:9:19:14 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:9:19:19 | files2.sort |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:9:19:25 | files2.sort(sort) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:9:19:33 | files2. ... forEach |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:19:34 | files3 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:45:19:48 | file |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:45:19:48 | file |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:20:13:20:18 | files3 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:20:13:20:23 | files3.push |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:22:16:22:21 | files3 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:22:16:22:26 | files3.join |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:22:16:22:30 | files3.join('') |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:43:25:48 | files1 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:43:25:48 | files1 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:29:13:29:18 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:29:13:29:23 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:29:22:29:23 | [] |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:9:30:14 | files1 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:9:30:22 | files1.forEach |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:30:23 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:34:30:37 | file |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:34:30:37 | file |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:31:13:31:18 | files2 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:31:13:31:23 | files2.push |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:35:13:35:35 | files3 |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:35:22:35:35 | format(files2) |
+| ShellCommandInjectionFromEnvironmentAtmConfig | autogenerated/Xss/StoredXss/xss-through-filenames.js:35:29:35:34 | files2 |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
@@ -223,6 +354,28 @@
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:28:28:28:30 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:29:33:29:35 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:30:26:30:28 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:31:26:31:28 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:32:26:32:28 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:39:26:39:28 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:56:54:56:56 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:85:37:85:54 | req.query.fileName |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:10:40:10:46 | command |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:15:44:15:50 | command |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:33:12:33:69 | "http:/ ... ry.user |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:34:44:34:46 | cmd |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:7:33:7:38 | remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:9:29:9:34 | remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:18:35:18:40 | remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:20:35:20:40 | remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:24:35:24:40 | remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:26:35:26:40 | remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:31:27:31:40 | req.query.args |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:40:28:40:43 | req.query.remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:42:31:42:46 | req.query.remote |
+| SqlInjectionAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:46:34:46:49 | req.query.remote |
 | SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
 | SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
 | SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
@@ -293,6 +446,26 @@
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:28:28:28:30 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:29:33:29:35 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:30:26:30:28 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:31:26:31:28 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:32:26:32:28 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:39:26:39:28 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:56:54:56:56 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:85:37:85:54 | req.query.fileName |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:10:40:10:46 | command |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:15:44:15:50 | command |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:33:12:33:69 | "http:/ ... ry.user |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:34:44:34:46 | cmd |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:7:33:7:38 | remote |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:9:29:9:34 | remote |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:20:35:20:40 | remote |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:26:35:26:40 | remote |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:31:27:31:40 | req.query.args |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:40:28:40:43 | req.query.remote |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:42:31:42:46 | req.query.remote |
+| TaintedPathAtmConfig | autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:46:34:46:49 | req.query.remote |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') |

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected

@@ -30,3 +30,4 @@ xssThroughDomFilteredTruePositives
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
+shellCommandInjectionFromEnvironmentAtmFilteredTruePositives

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected

@@ -396,6 +396,614 @@
 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:8:11:8:19 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:1:11:2 | app.get ... "');\\n}) |
 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:3:10:65 | db.get( ...  + '"') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:2:12:2:26 | require('http') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:3:11:3:24 | require('url') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:5:14:64:2 | http.cr ... Y] \\n\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:6:15:6:38 | url.par ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:8:5:8:18 | cp.exec("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:9:5:9:22 | cp.execSync("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:10:5:10:22 | cp.execFile("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:11:5:11:26 | cp.exec ... ("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:12:5:12:19 | cp.spawn("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:13:5:13:23 | cp.spawnSync("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:14:5:14:18 | cp.fork("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:17:5:17:16 | cp.exec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:18:5:18:20 | cp.execSync(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:19:5:19:20 | cp.execFile(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:20:5:20:24 | cp.execFileSync(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:21:5:21:17 | cp.spawn(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:22:5:22:21 | cp.spawnSync(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:23:5:23:16 | cp.fork(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:25:5:25:32 | cp.exec ...  "bar") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:28:5:28:32 | cp.exec ... : cmd}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:29:5:29:38 | cp.exec ...  cmd}}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:30:5:30:30 | cp.exec ... : cmd}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:31:5:31:30 | cp.exec ... : cmd}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:32:5:32:30 | cp.exec ... : cmd}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:39:5:39:31 | cp.spaw ...  cmd ]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:44:5:44:34 | cp.exec ... , args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:54:5:54:39 | cp.exec ... , args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:56:5:56:59 | cp.spaw ...  cmd])) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:60:5:60:26 | myArgs. ...  + "c") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:61:5:61:20 | myArgs.push(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:62:5:62:39 | cp.exec ... , args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:70:12:70:26 | require("util") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:72:1:76:2 | http.cr ... T OK\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:73:15:73:38 | url.par ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:75:5:75:27 | util.pr ... p.exec) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:75:5:75:32 | util.pr ... c)(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:79:26:79:54 | require ... erver') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:82:9:86:10 | app.use ...      }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:83:11:83:37 | cp.exec ... leName) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:85:11:85:31 | require ... b-lib") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:85:11:85:55 | require ... leName) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:93:1:95:2 | router. ... T OK\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/child_process-test.js:94:3:94:36 | cp.exec ... s.host) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:1:12:1:35 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:2:12:2:26 | require('http') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:3:11:3:24 | require('url') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:13:1:16:2 | http.cr ... md);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh2.js:14:15:14:38 | url.par ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:1:12:1:35 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:2:12:2:26 | require('http') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:3:11:3:24 | require('url') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:15:12:15:61 | cp.spaw ... ptions) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:18:1:21:2 | http.cr ... md);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/exec-sh.js:19:15:19:38 | url.par ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:1:12:1:35 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:8:9:8:33 | process ... terate) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:14:36:14:48 | exec(command) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:17:1:17:15 | require('http') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:17:1:20:2 | require ... d]);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:18:13:18:26 | require('url') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/execSeries.js:18:13:18:47 | require ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:1:15:1:32 | require('express') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:2:15:2:31 | require('multer') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:3:14:3:41 | multer( ... ds/' }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:5:11:5:19 | express() |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:6:12:6:35 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:8:1:10:2 | app.pos ... T OK\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:8:22:8:44 | upload. ... vatar') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:9:3:9:40 | exec("t ... alname) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:12:1:16:2 | app.pos ...   })\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:12:28:12:53 | upload. ... s', 12) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:13:3:15:4 | req.fil ... OK\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:14:5:14:38 | exec("t ... alname) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:19:12:19:26 | require('http') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:20:14:20:30 | require('busboy') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:22:1:28:2 | http.cr ... oy);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:22:1:28:15 | http.cr ... n(8000) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:24:3:26:4 | busboy. ... OK\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:25:5:25:29 | exec("t ... lename) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:27:3:27:18 | req.pipe(busboy) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:31:20:31:40 | require ... dable') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:32:1:43:2 | app.pos ...  });\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:33:14:33:44 | formida ... true }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:35:3:37:4 | form.pa ... OK\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:36:5:36:32 | exec("t ... s.name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:40:3:42:4 | form2.p ... OK\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:41:5:41:32 | exec("t ... s.name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:45:18:45:38 | require ... party') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:46:12:46:26 | require('http') |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:48:1:63:2 | http.cr ... q);\\n\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:48:1:63:15 | http.cr ... n(8080) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:52:3:54:4 | form.pa ... OK\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:53:5:53:32 | exec("t ... s.name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:58:3:60:4 | form2.o ... OK\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:59:5:59:34 | exec("t ... lename) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/form-parsers.js:61:3:61:18 | form2.parse(req) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:1:12:1:26 | require("http") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:2:11:2:24 | require("url") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:4:14:35:2 | http.cr ... T OK\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:5:15:5:38 | url.par ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:7:5:7:26 | require ... spawn") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:7:5:7:36 | require ... nc(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:8:5:8:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:8:5:8:31 | require ... ll(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:9:5:9:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:9:5:9:35 | require ... nc(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:10:5:10:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:10:5:10:32 | require ... ut(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:11:5:11:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:11:5:11:32 | require ... rr(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:12:5:12:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:12:5:12:30 | require ... nc(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:14:5:14:26 | require ... spawn") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:14:5:14:31 | require ... ")(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:15:5:15:32 | require ... async") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:15:5:15:37 | require ... ")(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:16:5:16:19 | require("exec") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:16:5:16:24 | require("exec")(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:17:5:17:25 | require ... async") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:17:5:17:30 | require ... ")(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:18:5:18:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:18:5:18:25 | require ... ")(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:19:5:19:26 | require ... -exec") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:19:5:19:39 | require ... t, cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:21:18:21:32 | require("ssh2") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:22:5:22:24 | new ssh2().exec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:23:5:23:31 | new ssh ... ec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:25:24:25:46 | require ... reams") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:26:5:26:37 | new SSH ... e, cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:28:5:28:20 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:28:5:28:30 | require ... de(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:30:5:30:31 | require ... child") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:30:5:30:36 | require ... ")(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:32:20:32:36 | require("opener") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:33:5:33:70 | opener( ... y.user) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:33:35:33:58 | url.par ... , true) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/other.js:34:5:34:49 | opener( ...  cmd }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/third-party-command-injection.js:1:13:1:28 | require("https") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/third-party-command-injection.js:2:10:2:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/third-party-command-injection.js:4:1:8:1 | https.g ...    })\\n) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/third-party-command-injection.js:5:5:7:6 | res.on( ... \\n    }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/CommandInjection/third-party-command-injection.js:6:9:6:28 | cp.execSync(command) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:4:2:4:22 | cp.exec ... s.argv) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:5:2:5:25 | cp.exec ... rgv[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:6:2:6:37 | cp.exec ... rgv[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:7:2:7:37 | cp.exec ... rgv[1]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:8:2:8:37 | cp.exec ... rgv[2]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:11:2:11:21 | cp.execSync(args[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:12:2:12:33 | cp.exec ... rgs[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:15:2:15:26 | cp.exec ... rgs[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:16:2:16:38 | cp.exec ... rgs[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:19:2:19:18 | cp.execSync(arg0) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:20:2:20:30 | cp.exec ... + arg0) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:25:17:25:56 | path.jo ... ex.js') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:26:2:26:51 | cp.exec ... tion"`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:27:2:27:58 | cp.exec ... tion"`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:30:1:30:51 | cp.exec ... ().foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:30:21:30:44 | require ... -args") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:31:1:31:46 | cp.exec ... ().foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:31:21:31:39 | require("minimist") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:31:21:31:41 | require ... ist")() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:32:1:32:46 | cp.exec ... gv.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:32:21:32:36 | require("yargs") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:33:1:33:49 | cp.exec ... gv.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:33:21:33:39 | require("optimist") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:36:13:36:28 | require('yargs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:36:13:37:62 | require ... => { }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:36:13:38:36 | require ... bar" }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:41:2:41:26 | cp.exec ... + args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:43:2:43:63 | cp.exec ... ().foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:43:22:43:37 | require("yargs") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:43:22:43:50 | require ... ("foo") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:51:6:51:21 | require('yargs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:51:6:52:26 | require ... o bar') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:51:6:53:12 | require ... mmand() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:55:2:55:26 | cp.exec ... + args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:57:17:57:32 | require('yargs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:58:17:58:32 | require('yargs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:65:2:65:32 | cp.exec ... t1rest) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:66:2:66:32 | cp.exec ... t2rest) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:68:20:68:35 | require('yargs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:69:2:69:28 | cp.exec ... taint3) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:71:20:71:35 | require('yargs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:72:2:72:28 | cp.exec ... taint4) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:78:17:78:35 | require("minimist") |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:79:2:79:40 | cp.exec ... v).foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:81:15:81:31 | require('subarg') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:82:2:82:55 | cp.exec ... )).foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:84:20:84:42 | require ... arser') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:85:2:85:60 | cp.exec ... )).foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:89:2:89:31 | cp.exec ... gs.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:91:14:91:27 | require('arg') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:92:2:92:31 | cp.exec ... gs.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:96:29:96:47 | require('argparse') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:100:2:100:56 | parser. ... bar' }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:102:2:102:45 | cp.exec ... ().foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:106:26:106:53 | require ... -args') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:108:2:108:33 | cp.exec ... ns.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:112:15:112:29 | require('meow') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:116:2:116:34 | cp.exec ... put[0]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:120:17:120:35 | require('dashdash') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:124:2:124:30 | cp.exec ... ts.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:126:15:126:55 | dashdas ... tions}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:129:2:129:30 | cp.exec ... ts.foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:133:22:133:41 | require('commander') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:134:2:134:25 | program ... 0.0.1') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:136:2:136:46 | cp.exec ... zaType) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:136:22:136:35 | program.opts() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:137:2:137:39 | cp.exec ... zaType) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:141:22:141:41 | require('commander') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:143:2:143:25 | program ... 0.0.1') |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:145:2:145:46 | cp.exec ... zaType) |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:145:22:145:35 | program.opts() |
+| autogenerated/ShellCommandInjectionFromEnvironment/IndirectCommandInjection/command-line-parameter-command-injection.js:146:2:146:39 | cp.exec ... zaType) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:1:17:1:34 | require("express") |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:2:13:2:21 | express() |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:3:22:3:45 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:5:1:47:2 | app.get ... / OK\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:7:3:7:40 | execFil ... emote]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:9:3:9:36 | execFil ... emote]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:15:3:15:25 | execFil ... myArgs) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:17:7:17:29 | remote. ... h("--") |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:18:5:18:50 | execFil ... HEAD"]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:20:5:20:50 | execFil ... HEAD"]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:23:7:23:31 | remote. ... "git@") |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:24:5:24:50 | execFil ... HEAD"]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:26:5:26:50 | execFil ... HEAD"]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:29:3:29:33 | execFil ... y.args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:31:3:31:42 | execFil ... .args]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:33:3:33:66 | execFil ... gs()])) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:33:19:33:65 | ["add", ... rgs()]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:33:53:33:63 | otherargs() |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:35:3:35:78 | execFil ... rArgs)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:35:19:35:77 | ["ls-re ... erArgs) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:37:3:37:65 | execFil ... rable)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:37:19:37:64 | ["add", ... erable) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:40:3:40:45 | execFil ... emote]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:42:3:42:48 | execFil ... emote]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:44:3:44:32 | execFil ... y.args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:46:3:46:51 | execFil ... emote]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:50:3:50:21 | execFile(cmd, args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:53:1:53:74 | app.lis ... 000!")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/SecondOrderCommandInjection/second-order.js:53:24:53:73 | console ... 3000!") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:1:10:1:33 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:2:12:2:26 | require('path') |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:3:13:3:28 | require("execa") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:5:2:5:62 | cp.exec ... emp")]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:5:33:5:60 | path.jo ... "temp") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:6:2:6:54 | cp.exec ... temp")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:8:2:8:54 | execa.s ... temp")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:9:2:9:58 | execa.s ... temp")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:11:22:11:49 | path.jo ... "temp") |
+| autogenerated/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js:12:2:12:34 | execa.s ... + safe) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/isImported.js:3:12:3:35 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/isImported.js:6:2:6:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib2.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib2.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib2.js:8:2:8:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:6:2:6:26 | cp.exec ... [name]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:7:2:7:24 | cp.exec ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:11:2:11:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:15:2:15:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:20:2:20:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:27:2:27:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:31:23:31:42 | require("./lib2.js") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:35:3:35:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:38:3:38:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:41:3:41:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:43:3:43:33 | cp.exec ... Source) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:50:2:50:28 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:50:2:50:51 | require ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:55:2:55:14 | cp.exec(cmd1) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:59:3:59:14 | cp.exec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:65:2:65:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:67:2:67:14 | cp.exec(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:69:2:69:48 | cp.exec ... a end") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:71:2:71:32 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:75:2:75:30 | cp.exec ...  + "'") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:77:2:77:38 | cp.exec ...  + "'") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:79:2:79:29 | cp.exec ...  file") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:83:2:83:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:86:2:86:17 | args1.push(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:87:2:87:25 | cp.exec ... n(" ")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:87:10:87:24 | args1.join(" ") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:89:2:89:36 | cp.exec ... n(" ")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:89:10:89:35 | ["rm -r ... in(" ") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:91:2:91:50 | cp.exec ... n(" ")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:91:10:91:49 | ["rm -r ... in(" ") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:93:2:93:33 | cp.exec ...  name]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:96:12:96:26 | require("util") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:98:2:98:40 | cp.exec ...  name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:98:10:98:39 | util.fo ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:100:2:100:42 | cp.exec ...  name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:100:10:100:41 | util.fo ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:102:2:102:51 | cp.exec ...  name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:102:10:102:50 | util.fo ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:104:2:104:41 | cp.exec ...  name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:104:10:104:40 | util.fo ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:106:2:106:57 | cp.exec ...  name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:106:10:106:56 | util.fo ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:108:2:108:46 | cp.exec ...  name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:108:10:108:26 | require("printf") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:108:10:108:45 | require ... , name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:112:2:112:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:114:7:114:23 | isValidName(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:117:2:117:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:121:2:121:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:123:7:123:22 | isSafeName(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:126:2:126:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:131:3:131:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:135:3:135:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:138:3:138:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:144:2:144:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:159:2:159:23 | cp.spaw ... gs, cb) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:165:3:165:30 | ['/C',  ... (args2) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:171:2:171:27 | cp.exec ... ommand) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:173:2:173:24 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:178:24:178:50 | name.re ... '\\\\''") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:179:2:179:31 | cp.exec ... itized) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:181:21:181:46 | name.re ... "'\\''") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:182:2:182:28 | cp.exec ... broken) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:185:12:185:26 | require("path") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:187:2:187:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:189:7:189:22 | path.exist(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:190:3:190:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:193:2:193:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:197:2:197:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:199:6:199:36 | /[^A-Za ... t(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:200:3:200:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:202:3:202:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:207:2:207:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:209:6:209:37 | /^[A-Za ... t(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:210:3:210:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:212:3:212:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:217:2:217:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:219:7:219:37 | /^([a-z ... t(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:220:3:220:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:221:3:221:18 | process.exit(-1) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:224:2:224:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:228:2:228:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:231:3:231:23 | path.ac ... c(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:236:2:236:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:240:6:240:33 | /[^A-Za ... test(s) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:241:13:241:36 | s.repla ... '\\\\''") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:242:7:242:32 | s.repla ... /g, '') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:242:7:243:28 | s.repla ...  "\\\\'") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:249:2:249:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:253:2:253:29 | cp.exec ... leaned) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:256:10:256:22 | require("fs") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:258:2:258:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:260:7:260:37 | fs.exis ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:261:3:261:34 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:264:2:264:33 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:268:2:268:33 | cp.exec ... ersion) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:272:2:272:33 | cp.exec ... ersion) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:277:3:277:31 | cp.exec ... ts.bla) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:281:3:281:36 | cp.exec ... ts.bla) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:287:12:287:35 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:288:12:288:35 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:289:12:289:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:290:12:290:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:291:12:291:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:292:12:292:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:293:12:293:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:294:12:294:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:295:12:295:35 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:296:12:296:35 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:297:12:297:35 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:298:12:298:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:299:12:299:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:300:12:300:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:301:12:301:35 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:302:12:302:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:303:12:303:36 | result. ... /g, "") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:308:3:308:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:311:3:311:32 | cp.exec ... itized) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:315:2:315:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:318:3:318:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:320:3:320:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:326:2:326:13 | cp.exec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:336:2:336:32 | cp.exec ... test")) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:340:2:340:27 | cp.exec ...  id(n)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:345:3:345:24 | cp.exec ...  " + n) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:350:2:350:26 | cp.exec ... + safe) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:351:2:351:28 | cp.exec ... unsafe) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:354:1:358:2 | Object. ... ;\\n\\t}\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:356:10:356:40 | boundPr ... "safe") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:367:3:367:18 | cp.exec(command) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:406:2:406:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:409:2:409:31 | cp.exec ... itized) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:412:12:412:35 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:415:2:415:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:417:2:417:66 | cp.exec ...  => {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:418:2:418:45 | cp.spaw ...  true}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:419:2:419:52 | cp.exec ...  true}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:420:2:420:49 | cp.spaw ...  true}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:426:2:426:15 | arr.push(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:433:6:433:16 | something() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:434:3:434:21 | arr.push('convert') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:435:11:435:25 | arr.push(first) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:436:10:436:23 | arr.push(last) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:440:17:440:40 | require ... ecute") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:442:2:442:28 | asyncEx ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:447:3:447:29 | asyncEx ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:453:1:470:1 | Object. ... \\t)\\n\\t)\\n) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:455:2:469:2 | Object. ... \\n\\t\\t)\\n\\t) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:457:3:457:25 | Object. ... yFuncs) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:457:3:468:3 | Object. ... \\t{}\\n\\t\\t) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:458:31:466:4 | Object. ... },\\n\\t\\t\\t) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:472:14:472:28 | require('path') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:473:21:473:35 | require('util') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:475:14:475:53 | promisi ... ).exec) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:475:24:475:47 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:478:17:478:62 | path.jo ... ry -v') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:479:12:479:20 | exec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:485:2:485:20 | cp.exec(cmd + args) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:490:2:490:13 | cp.exec(cmd) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:495:7:495:30 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:499:3:499:35 | MyThing ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:504:11:504:33 | require ... orted') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:510:2:510:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:512:6:512:16 | isNaN(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:513:3:513:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:515:3:515:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:518:6:518:26 | isNaN(p ... (name)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:518:12:518:25 | parseInt(name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:519:3:519:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:521:3:521:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:524:6:524:17 | isNaN(+name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:525:3:525:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:527:3:527:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:530:6:530:30 | isNaN(p ... e, 10)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:530:12:530:29 | parseInt(name, 10) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:531:3:531:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:533:3:533:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:536:6:536:20 | isNaN(name - 0) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:537:3:537:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:539:3:539:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:542:6:542:20 | isNaN(name \| 0) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:543:3:543:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/lib.js:545:3:545:27 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/other.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/other.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib2/special-file.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib4/index.js:2:8:2:23 | require("./bla") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib4/index.js:3:9:3:27 | require("./subsub") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib4/subsub.js:1:12:1:35 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib4/subsub.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/amd.js:2:1:6:2 | define( ...   };\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/amd.js:4:13:4:31 | require("./amdSub") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/amdSub.js:1:12:1:35 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/index.js:1:10:1:33 | require ... ocess") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/index.js:11:22:11:40 | require("./amd.js") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UnsafeShellCommandConstruction/lib/subLib/index.js:14:5:14:40 | cp.spaw ...  true}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:1:15:1:32 | require('express') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:2:21:2:44 | require ... ocess') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:7:10:7:22 | require('fs') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:8:11:8:19 | express() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:10:1:10:43 | exec("c ... ut) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:12:1:14:2 | exec("c ... ut);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:13:2:13:17 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:16:1:16:29 | execSyn ... uinfo') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:16:1:16:40 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:18:1:18:26 | execSyn ... path}`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:20:1:20:36 | execSyn ... wc -l') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:22:1:22:38 | execSyn ... o/bar') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:22:1:22:49 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:24:1:24:35 | execSyn ... o/bar`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:24:1:24:46 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:26:1:26:58 | exec(`c ... t) { }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:28:1:28:39 | execSyn ...  1000}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:30:1:30:64 | exec('c ... t) { }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:32:1:32:34 | execSyn ... path}`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:34:1:34:54 | execSyn ... utf8'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:36:1:36:77 | execSyn ... utf8'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:38:1:38:43 | execSyn ... r/baz') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:38:1:38:54 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:40:1:40:40 | execSyn ... path}`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:40:1:40:51 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:42:1:42:47 | execSyn ... File}`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:42:17:42:31 | files.join(' ') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:44:1:44:34 | execSyn ... ' ')}`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:44:17:44:31 | files.join(' ') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:46:1:46:37 | exec("c ...  name") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:48:1:48:41 | execSyn ... tool}`) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:51:9:51:31 | execSyn ... + file) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:51:9:51:42 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:54:1:54:39 | execSyn ...  + "'") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:59:1:62:2 | execFil ... ut);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:61:3:61:21 | console.log(stdout) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:64:1:66:2 | execFil ... r); \\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:65:3:65:21 | console.log(stderr) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:69:1:72:2 | execFil ... ut);\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:71:3:71:21 | console.log(stdout) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:74:1:74:60 | execFil ... utf8'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:76:1:76:39 | execFil ... xml' ]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:79:1:79:46 | execFil ...   opts) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:82:1:82:90 | execFil ... String) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:84:1:84:115 | execFil ... ring'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:86:1:86:75 | execFil ... utf8'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:88:1:88:35 | execSyn ...  + foo) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:88:1:88:46 | execSyn ... tring() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:90:1:90:50 | execFil ... th}` ]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:92:1:92:46 | execFil ... th}` ]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:94:1:94:43 | exec("c ... ut) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:96:1:96:53 | exec("c ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:96:36:96:51 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:98:1:98:55 | exec("c ... h(out)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:98:35:98:54 | doSomethingWith(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:100:1:100:56 | execFil ... ptions) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:102:1:102:56 | exec("n ... h(out)) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:102:36:102:55 | doSomethingWith(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:104:1:104:31 | execFil ... cat` ]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:106:1:106:44 | exec("c ... ut) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:107:1:107:44 | exec("c ... ut) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:108:1:108:44 | exec("c ... ut) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:109:1:109:44 | exec("c ... ut) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:111:1:111:51 | spawn(' ... it'] }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:114:15:114:38 | spawn(' ... ename]) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:115:3:117:4 | cat.std ... );\\n  }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:116:5:116:19 | res.write(data) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:118:3:118:39 | cat.std ... .end()) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:118:30:118:38 | res.end() |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:121:12:121:64 | exec("c ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:121:47:121:62 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:123:15:123:67 | exec("c ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:123:50:123:65 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:124:1:124:20 | console.log(notDead) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:127:14:127:66 | exec("c ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:127:49:127:64 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:129:3:131:3 | someCal ... ss.\\n  ) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:130:2:130:54 | exec("c ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:130:37:130:52 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:133:10:133:62 | exec("c ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:133:45:133:60 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:136:17:138:2 | execSyn ... tf8'\\n}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:140:1:140:36 | exec('/ ...  s) {}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:142:1:142:12 | spawn("cat") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:145:15:145:32 | require("shelljs") |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:146:1:146:61 | shelljs ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:146:44:146:59 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:147:1:147:47 | shelljs ... utf8'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:148:1:148:81 | shelljs ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:148:64:148:79 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:150:14:150:35 | require ... spawn') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:151:1:151:48 | cspawn( ... tf8' }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:152:1:152:82 | cspawn( ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:152:65:152:80 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:153:1:153:60 | cspawn( ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:153:43:153:58 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:154:1:154:26 | cspawn( ... /bar']) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:155:1:155:47 | cspawn( ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:155:30:155:45 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:156:1:156:35 | cspawn( ... tf8' }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:158:16:158:46 | cspawn. ... /bar']) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:159:16:159:68 | cspawn. ... tf8' }) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:161:15:161:29 | require('exec') |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:162:1:162:56 | execmod ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:162:39:162:54 | console.log(out) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:163:1:163:42 | execmod ... utf8'}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:164:1:164:76 | execmod ... (out)}) |
+| autogenerated/ShellCommandInjectionFromEnvironment/UselessUseOfCat/uselesscat.js:164:59:164:74 | console.log(out) |
 | autogenerated/TaintedPath/TaintedPath-es6.js:6:14:11:2 | createS ... )));\\n}) |
 | autogenerated/TaintedPath/TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) |
 | autogenerated/TaintedPath/TaintedPath-es6.js:10:3:10:47 | res.wri ... path))) |

javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected

@@ -8,6 +8,11 @@ endpoints
 | index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | notASinkReason | LoggerMethod | string |
 | index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:15:17:15:32 | req.body.isAdmin | ShellCommandInjectionFromEnvironment | hasFlowFromSource | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | ShellCommandInjectionFromEnvironment | isConstantExpression | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | ShellCommandInjectionFromEnvironment | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | ShellCommandInjectionFromEnvironment | notASinkReason | LoggerMethod | string |
+| index.js:15:17:15:32 | req.body.isAdmin | ShellCommandInjectionFromEnvironment | sinkLabel | NotASink | string |
 | index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean |
 | index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean |
 | index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -42,6 +47,12 @@ endpoints
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | JQueryArgument | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | ShellCommandInjectionFromEnvironment | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | ShellCommandInjectionFromEnvironment | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | ShellCommandInjectionFromEnvironment | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | ShellCommandInjectionFromEnvironment | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | ShellCommandInjectionFromEnvironment | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | ShellCommandInjectionFromEnvironment | sinkLabel | NotASink | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isConstantExpression | false | boolean |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -71,6 +82,11 @@ endpoints
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | ShellCommandInjectionFromEnvironment | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | ShellCommandInjectionFromEnvironment | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | ShellCommandInjectionFromEnvironment | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | ShellCommandInjectionFromEnvironment | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | ShellCommandInjectionFromEnvironment | sinkLabel | NotASink | string |
 | index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
 | index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
 | index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |

javascript/ql/experimental/adaptivethreatmodeling/test/query_mappings/ExtractEndpointLabelEncoding.expected

@@ -3,3 +3,4 @@
 | 2 | NosqlInjectionSink |
 | 3 | SqlInjectionSink |
 | 4 | TaintedPathSink |
+| 5 | ShellCommandInjectionFromEnvironmentSink |