hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Update expected output.

Browse Source
This commit is contained in:
Max Schaefer
2019-10-28 15:41:35 +00:00
parent 530fa2c11c
commit b42026a90a
41 changed files with 2740 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1075
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

File diff suppressed because it is too large Load Diff

14
javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
View File

@@ -1,27 +1,41 @@
nodes
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:6:36:6:46 | header.name |
| ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path |
| ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path |
| ZipSlipBad.js:7:22:7:31 | entry.path |
| ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
edges
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
#select
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | item path |

84
javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
View File

@@ -4,40 +4,65 @@ nodes
| child_process-test.js:6:15:6:44 | url.par ... ).query |
| child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:25:6:31 | req.url |
| child_process-test.js:6:25:6:31 | req.url |
| child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd |
| child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr |
| execSeries.js:6:14:6:16 | arr |
@@ -46,11 +71,13 @@ nodes
| execSeries.js:14:13:14:20 | commands |
| execSeries.js:14:24:14:30 | command |
| execSeries.js:14:41:14:47 | command |
| execSeries.js:14:41:14:47 | command |
| execSeries.js:18:7:18:58 | cmd |
| execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:18:13:18:53 | require ... ).query |
| execSeries.js:18:13:18:58 | require ... ry.path |
| execSeries.js:18:34:18:40 | req.url |
| execSeries.js:18:34:18:40 | req.url |
| execSeries.js:19:12:19:16 | [cmd] |
| execSeries.js:19:13:19:15 | cmd |
| other.js:5:9:5:49 | cmd |
@@ -58,54 +85,93 @@ nodes
| other.js:5:15:5:44 | url.par ... ).query |
| other.js:5:15:5:49 | url.par ... ry.path |
| other.js:5:25:5:31 | req.url |
| other.js:5:25:5:31 | req.url |
| other.js:7:33:7:35 | cmd |
| other.js:7:33:7:35 | cmd |
| other.js:8:28:8:30 | cmd |
| other.js:8:28:8:30 | cmd |
| other.js:9:32:9:34 | cmd |
| other.js:9:32:9:34 | cmd |
| other.js:10:29:10:31 | cmd |
| other.js:10:29:10:31 | cmd |
| other.js:11:29:11:31 | cmd |
| other.js:11:29:11:31 | cmd |
| other.js:12:27:12:29 | cmd |
| other.js:12:27:12:29 | cmd |
| other.js:14:28:14:30 | cmd |
| other.js:14:28:14:30 | cmd |
| other.js:15:34:15:36 | cmd |
| other.js:15:34:15:36 | cmd |
| other.js:16:21:16:23 | cmd |
| other.js:16:21:16:23 | cmd |
| other.js:17:27:17:29 | cmd |
| other.js:17:27:17:29 | cmd |
| other.js:18:22:18:24 | cmd |
| other.js:18:22:18:24 | cmd |
| other.js:19:36:19:38 | cmd |
| other.js:19:36:19:38 | cmd |
| third-party-command-injection.js:5:20:5:26 | command |
| third-party-command-injection.js:5:20:5:26 | command |
| third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:6:21:6:27 | command |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query |
| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
@@ -114,29 +180,47 @@ edges
| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr |
| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd |
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query |
| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path |
| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query |
| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path |
| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
#select

50
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection.expected
View File

@@ -1,37 +1,56 @@
nodes
| child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| child_process-test.js:56:17:56:20 | args |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:10:6:10:33 | args |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
| command-line-parameter-command-injection.js:11:14:11:17 | args |
| command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:26:12:29 | args |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] |
@@ -40,6 +59,8 @@ nodes
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs |
| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] |
@@ -47,68 +68,97 @@ nodes
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs |
| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] |
| command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 |
| command-line-parameter-command-injection.js:24:8:24:35 | args |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:32:26:35 | args |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] |
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args |
| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:26:12:32 | args[0] |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs |
| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] |
| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args |
| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:32:26:38 | args[0] |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
#select
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument |

29
javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment.expected
View File

@@ -1,51 +1,80 @@
nodes
| child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| child_process-test.js:56:17:56:20 | args |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname | tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname | tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
#select
| tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname | tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname | absolute path |

52
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
View File

@@ -1,80 +1,132 @@
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| etherpad.js:9:5:9:53 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:11:12:11:19 | response |
| etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil |
| partial.js:9:25:9:25 | x |
| partial.js:10:14:10:14 | x |
| partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url |
| partial.js:13:42:13:48 | req.url |
| partial.js:18:25:18:25 | x |
| partial.js:19:14:19:14 | x |
| partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url |
| partial.js:22:51:22:57 | req.url |
| partial.js:27:25:27:25 | x |
| partial.js:28:14:28:14 | x |
| partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url |
| partial.js:31:47:31:53 | req.url |
| partial.js:36:25:36:25 | x |
| partial.js:37:14:37:14 | x |
| partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url |
| partial.js:40:43:40:49 | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:7:12:7:12 | p |
| tst2.js:7:12:7:12 | p |
| tst2.js:8:12:8:12 | r |
| tst2.js:8:12:8:12 | r |
| tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:21:14:21:14 | p |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
#select
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |

15
javascript/ql/test/query-tests/Security/CWE-079/StoredXss.expected
View File

@@ -1,7 +1,11 @@
nodes
| xss-through-filenames.js:7:43:7:48 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] |
@@ -9,14 +13,24 @@ nodes
| xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:37:19:37:24 | files3 |
edges
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] | xss-through-filenames.js:29:13:29:23 | files2 |
@@ -24,6 +38,7 @@ edges
| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) |
#select

256
javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
View File

@@ -1,182 +1,292 @@
nodes
| addEventListener.js:1:43:1:47 | event |
| addEventListener.js:1:43:1:47 | event |
| addEventListener.js:2:20:2:24 | event |
| addEventListener.js:2:20:2:29 | event.data |
| addEventListener.js:2:20:2:29 | event.data |
| addEventListener.js:5:43:5:48 | data |
| addEventListener.js:5:43:5:48 | {data} |
| addEventListener.js:5:43:5:48 | {data} |
| addEventListener.js:5:44:5:47 | data |
| addEventListener.js:6:20:6:23 | data |
| addEventListener.js:6:20:6:23 | data |
| addEventListener.js:10:21:10:25 | event |
| addEventListener.js:10:21:10:25 | event |
| addEventListener.js:12:24:12:28 | event |
| addEventListener.js:12:24:12:33 | event.data |
| addEventListener.js:12:24:12:33 | event.data |
| jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:33 | document.location |
| jquery.js:2:17:2:33 | document.location |
| jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:4:5:4:11 | tainted |
| jquery.js:4:5:4:11 | tainted |
| jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:7:20:7:26 | tainted |
| jquery.js:8:18:8:34 | "XSS: " + tainted |
| jquery.js:8:18:8:34 | "XSS: " + tainted |
| jquery.js:8:28:8:34 | tainted |
| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| nodemailer.js:13:50:13:66 | req.query.message |
| nodemailer.js:13:50:13:66 | req.query.message |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:18:8:24 | tainted |
| react-native.js:8:18:8:24 | tainted |
| react-native.js:9:27:9:33 | tainted |
| react-native.js:9:27:9:33 | tainted |
| stored-xss.js:2:39:2:55 | document.location |
| stored-xss.js:2:39:2:55 | document.location |
| stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:3:35:3:51 | document.location |
| stored-xss.js:3:35:3:51 | document.location |
| stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:8:20:8:48 | localSt ... local') |
| stored-xss.js:8:20:8:48 | localSt ... local') |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location |
| string-manipulations.js:5:16:5:32 | document.location |
| string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:6:16:6:32 | document.location |
| string-manipulations.js:6:16:6:32 | document.location |
| string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:32 | document.location |
| string-manipulations.js:7:16:7:32 | document.location |
| string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:8:16:8:32 | document.location |
| string-manipulations.js:8:16:8:32 | document.location |
| string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:36:9:52 | document.location |
| string-manipulations.js:9:36:9:52 | document.location |
| string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:39 | document.location |
| string-manipulations.js:10:23:10:39 | document.location |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| translate.js:6:7:6:39 | target |
| translate.js:6:16:6:32 | document.location |
| translate.js:6:16:6:32 | document.location |
| translate.js:6:16:6:39 | documen ... .search |
| translate.js:7:42:7:47 | target |
| translate.js:7:42:7:60 | target.substring(1) |
| translate.js:9:27:9:50 | searchP ... 'term') |
| translate.js:9:27:9:50 | searchP ... 'term') |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
| tst3.js:2:23:2:74 | decodeU ... str(1)) |
| tst3.js:2:42:2:56 | window.location |
| tst3.js:2:42:2:56 | window.location |
| tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:73 | window. ... bstr(1) |
| tst3.js:4:25:4:28 | data |
| tst3.js:4:25:4:32 | data.src |
| tst3.js:4:25:4:32 | data.src |
| tst3.js:5:26:5:29 | data |
| tst3.js:5:26:5:31 | data.p |
| tst3.js:5:26:5:31 | data.p |
| tst3.js:7:32:7:35 | data |
| tst3.js:7:32:7:37 | data.p |
| tst3.js:7:32:7:37 | data.p |
| tst3.js:9:37:9:40 | data |
| tst3.js:9:37:9:42 | data.p |
| tst3.js:9:37:9:42 | data.p |
| tst3.js:10:38:10:41 | data |
| tst3.js:10:38:10:43 | data.p |
| tst3.js:10:38:10:43 | data.p |
| tst.js:2:7:2:39 | target |
| tst.js:2:16:2:32 | document.location |
| tst.js:2:16:2:32 | document.location |
| tst.js:2:16:2:39 | documen ... .search |
| tst.js:5:18:5:23 | target |
| tst.js:5:18:5:23 | target |
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:53 | document.location |
| tst.js:8:37:8:53 | document.location |
| tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:12:28:12:33 | target |
| tst.js:19:25:19:41 | document.location |
| tst.js:19:25:19:41 | document.location |
| tst.js:20:18:20:35 | params.get('name') |
| tst.js:20:18:20:35 | params.get('name') |
| tst.js:23:42:23:47 | target |
| tst.js:23:42:23:60 | target.substring(1) |
| tst.js:24:18:24:41 | searchP ... 'name') |
| tst.js:24:18:24:41 | searchP ... 'name') |
| tst.js:27:14:27:19 | target |
| tst.js:29:18:29:23 | target |
| tst.js:29:18:29:23 | target |
| tst.js:31:5:31:21 | document.location |
| tst.js:31:5:31:21 | document.location |
| tst.js:31:5:31:28 | documen ... .search |
| tst.js:34:10:34:26 | document.location |
| tst.js:34:10:34:26 | document.location |
| tst.js:34:10:34:33 | documen ... .search |
| tst.js:37:16:37:20 | bar() |
| tst.js:37:16:37:20 | bar() |
| tst.js:43:16:43:44 | baz(doc ... search) |
| tst.js:43:16:43:44 | baz(doc ... search) |
| tst.js:43:20:43:36 | document.location |
| tst.js:43:20:43:36 | document.location |
| tst.js:43:20:43:43 | documen ... .search |
| tst.js:49:16:49:45 | wrap(do ... search) |
| tst.js:49:16:49:45 | wrap(do ... search) |
| tst.js:49:21:49:37 | document.location |
| tst.js:49:21:49:37 | document.location |
| tst.js:49:21:49:44 | documen ... .search |
| tst.js:57:16:57:45 | chop(do ... search) |
| tst.js:57:16:57:45 | chop(do ... search) |
| tst.js:57:21:57:37 | document.location |
| tst.js:57:21:57:37 | document.location |
| tst.js:57:21:57:44 | documen ... .search |
| tst.js:59:16:59:45 | chop(do ... search) |
| tst.js:59:16:59:45 | chop(do ... search) |
| tst.js:59:21:59:37 | document.location |
| tst.js:59:21:59:37 | document.location |
| tst.js:59:21:59:44 | documen ... .search |
| tst.js:61:16:61:32 | wrap(chop(bar())) |
| tst.js:61:16:61:32 | wrap(chop(bar())) |
| tst.js:61:21:61:31 | chop(bar()) |
| tst.js:61:26:61:30 | bar() |
| tst.js:63:34:63:34 | s |
| tst.js:65:18:65:18 | s |
| tst.js:65:18:65:18 | s |
| tst.js:67:25:67:41 | document.location |
| tst.js:67:25:67:41 | document.location |
| tst.js:67:25:67:48 | documen ... .search |
| tst.js:68:25:68:41 | document.location |
| tst.js:68:25:68:41 | document.location |
| tst.js:68:25:68:48 | documen ... .search |
| tst.js:71:16:71:20 | bar() |
| tst.js:71:16:71:20 | bar() |
| tst.js:73:1:73:27 | [,docum ... search] |
| tst.js:73:3:73:19 | document.location |
| tst.js:73:3:73:19 | document.location |
| tst.js:73:3:73:26 | documen ... .search |
| tst.js:73:46:73:46 | x |
| tst.js:76:20:76:20 | x |
| tst.js:76:20:76:20 | x |
| tst.js:80:49:80:65 | document.location |
| tst.js:80:49:80:65 | document.location |
| tst.js:80:49:80:72 | documen ... .search |
| tst.js:80:49:80:72 | documen ... .search |
| tst.js:84:26:84:42 | document.location |
| tst.js:84:26:84:42 | document.location |
| tst.js:84:26:84:49 | documen ... .search |
| tst.js:84:26:84:49 | documen ... .search |
| tst.js:85:25:85:41 | document.location |
| tst.js:85:25:85:41 | document.location |
| tst.js:85:25:85:48 | documen ... .search |
| tst.js:85:25:85:48 | documen ... .search |
| tst.js:87:33:87:49 | document.location |
| tst.js:87:33:87:49 | document.location |
| tst.js:87:33:87:56 | documen ... .search |
| tst.js:87:33:87:56 | documen ... .search |
| tst.js:88:32:88:48 | document.location |
| tst.js:88:32:88:48 | document.location |
| tst.js:88:32:88:55 | documen ... .search |
| tst.js:88:32:88:55 | documen ... .search |
| tst.js:93:39:93:55 | document.location |
| tst.js:93:39:93:55 | document.location |
| tst.js:93:39:93:62 | documen ... .search |
| tst.js:93:39:93:62 | documen ... .search |
| tst.js:99:30:99:46 | document.location |
| tst.js:99:30:99:46 | document.location |
| tst.js:99:30:99:53 | documen ... .search |
| tst.js:99:30:99:53 | documen ... .search |
| tst.js:105:25:105:41 | document.location |
| tst.js:105:25:105:41 | document.location |
| tst.js:105:25:105:48 | documen ... .search |
| tst.js:105:25:105:48 | documen ... .search |
| tst.js:110:7:110:44 | v |
| tst.js:110:11:110:27 | document.location |
| tst.js:110:11:110:27 | document.location |
| tst.js:110:11:110:34 | documen ... .search |
| tst.js:110:11:110:44 | documen ... bstr(1) |
| tst.js:113:18:113:18 | v |
| tst.js:113:18:113:18 | v |
| tst.js:145:29:145:43 | window.location |
| tst.js:145:29:145:43 | window.location |
| tst.js:145:29:145:50 | window. ... .search |
| tst.js:148:29:148:29 | v |
| tst.js:148:49:148:49 | v |
| tst.js:148:49:148:49 | v |
| tst.js:152:29:152:46 | xssSourceService() |
| tst.js:152:29:152:46 | xssSourceService() |
| tst.js:155:40:155:54 | window.location |
| tst.js:155:40:155:54 | window.location |
| tst.js:155:40:155:61 | window. ... .search |
| tst.js:174:9:174:41 | target |
| tst.js:174:18:174:34 | document.location |
| tst.js:174:18:174:34 | document.location |
| tst.js:174:18:174:41 | documen ... .search |
| tst.js:177:28:177:33 | target |
| tst.js:177:28:177:33 | target |
| tst.js:181:9:181:42 | tainted |
| tst.js:181:19:181:35 | document.location |
| tst.js:181:19:181:35 | document.location |
| tst.js:181:19:181:42 | documen ... .search |
| tst.js:183:31:183:37 | tainted |
| tst.js:183:31:183:37 | tainted |
| tst.js:185:42:185:48 | tainted |
| tst.js:185:42:185:48 | tainted |
| tst.js:186:33:186:39 | tainted |
| tst.js:186:33:186:39 | tainted |
| tst.js:188:54:188:60 | tainted |
| tst.js:188:54:188:60 | tainted |
| tst.js:189:45:189:51 | tainted |
| tst.js:189:45:189:51 | tainted |
| tst.js:194:9:194:42 | tainted |
| tst.js:194:19:194:35 | document.location |
| tst.js:194:19:194:35 | document.location |
| tst.js:194:19:194:42 | documen ... .search |
| tst.js:196:67:196:73 | tainted |
| tst.js:196:67:196:73 | tainted |
| tst.js:197:67:197:73 | tainted |
| tst.js:197:67:197:73 | tainted |
| tst.js:201:35:201:41 | tainted |
| tst.js:203:46:203:52 | tainted |
| tst.js:204:38:204:44 | tainted |
| tst.js:205:35:205:41 | tainted |
| tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:215:32:215:49 | prevState.tainted4 |
| tst.js:215:32:215:49 | prevState.tainted4 |
| tst.js:222:28:222:46 | this.props.tainted1 |
| tst.js:222:28:222:46 | this.props.tainted1 |
| tst.js:223:28:223:46 | this.props.tainted2 |
| tst.js:223:28:223:46 | this.props.tainted2 |
| tst.js:224:28:224:46 | this.props.tainted3 |
| tst.js:224:28:224:46 | this.props.tainted3 |
| tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:233:35:233:41 | tainted |
| tst.js:235:20:235:26 | tainted |
@@ -184,69 +294,119 @@ nodes
| tst.js:238:23:238:29 | tainted |
| tst.js:244:39:244:55 | props.propTainted |
| tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:252:23:252:29 | tainted |
| tst.js:256:7:256:17 | window.name |
| tst.js:256:7:256:17 | window.name |
| tst.js:256:7:256:17 | window.name |
| tst.js:257:7:257:10 | name |
| tst.js:257:7:257:10 | name |
| tst.js:257:7:257:10 | name |
| tst.js:261:11:261:21 | window.name |
| tst.js:261:11:261:21 | window.name |
| tst.js:261:11:261:21 | window.name |
| tst.js:277:22:277:29 | location |
| tst.js:277:22:277:29 | location |
| tst.js:277:22:277:29 | location |
| tst.js:282:9:282:29 | tainted |
| tst.js:282:9:282:29 | tainted |
| tst.js:282:19:282:29 | window.name |
| tst.js:282:19:282:29 | window.name |
| tst.js:285:59:285:65 | tainted |
| tst.js:285:59:285:65 | tainted |
| tst.js:285:59:285:65 | tainted |
| v-html.vue:2:8:2:23 | v-html=tainted |
| v-html.vue:2:8:2:23 | v-html=tainted |
| v-html.vue:6:42:6:58 | document.location |
| v-html.vue:6:42:6:58 | document.location |
| winjs.js:2:7:2:53 | tainted |
| winjs.js:2:17:2:33 | document.location |
| winjs.js:2:17:2:33 | document.location |
| winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:3:43:3:49 | tainted |
| winjs.js:3:43:3:49 | tainted |
| winjs.js:4:43:4:49 | tainted |
| winjs.js:4:43:4:49 | tainted |
edges
| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event |
| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event |
| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data |
| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data |
| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data |
| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data |
| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data |
| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event |
| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted |
| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted |
| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted |
| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted |
| jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:3:35:3:51 | document.location | stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:3:35:3:51 | document.location | stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location | string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location | string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:6:16:6:32 | document.location | string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:32 | document.location | string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:32 | document.location | string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:32 | document.location | string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:8:16:8:32 | document.location | string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:32 | document.location | string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:36:9:52 | document.location | string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:9:36:9:52 | document.location | string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:10:23:10:39 | document.location | string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:39 | document.location | string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
| translate.js:6:16:6:32 | document.location | translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:32 | document.location | translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data |
@@ -254,79 +414,153 @@ edges
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data |
| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) |
| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) |
| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target |
| tst.js:2:7:2:39 | target | tst.js:23:42:23:47 | target |
| tst.js:2:16:2:32 | document.location | tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:32 | document.location | tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:8:37:8:53 | document.location | tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:53 | document.location | tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:19:25:19:41 | document.location | tst.js:20:18:20:35 | params.get('name') |
| tst.js:19:25:19:41 | document.location | tst.js:20:18:20:35 | params.get('name') |
| tst.js:19:25:19:41 | document.location | tst.js:20:18:20:35 | params.get('name') |
| tst.js:19:25:19:41 | document.location | tst.js:20:18:20:35 | params.get('name') |
| tst.js:23:42:23:47 | target | tst.js:23:42:23:60 | target.substring(1) |
| tst.js:23:42:23:60 | target.substring(1) | tst.js:24:18:24:41 | searchP ... 'name') |
| tst.js:23:42:23:60 | target.substring(1) | tst.js:24:18:24:41 | searchP ... 'name') |
| tst.js:27:14:27:19 | target | tst.js:29:18:29:23 | target |
| tst.js:27:14:27:19 | target | tst.js:29:18:29:23 | target |
| tst.js:31:5:31:21 | document.location | tst.js:31:5:31:28 | documen ... .search |
| tst.js:31:5:31:21 | document.location | tst.js:31:5:31:28 | documen ... .search |
| tst.js:31:5:31:28 | documen ... .search | tst.js:27:14:27:19 | target |
| tst.js:34:10:34:26 | document.location | tst.js:34:10:34:33 | documen ... .search |
| tst.js:34:10:34:26 | document.location | tst.js:34:10:34:33 | documen ... .search |
| tst.js:34:10:34:33 | documen ... .search | tst.js:37:16:37:20 | bar() |
| tst.js:34:10:34:33 | documen ... .search | tst.js:37:16:37:20 | bar() |
| tst.js:34:10:34:33 | documen ... .search | tst.js:61:26:61:30 | bar() |
| tst.js:34:10:34:33 | documen ... .search | tst.js:71:16:71:20 | bar() |
| tst.js:34:10:34:33 | documen ... .search | tst.js:71:16:71:20 | bar() |
| tst.js:43:20:43:36 | document.location | tst.js:43:20:43:43 | documen ... .search |
| tst.js:43:20:43:36 | document.location | tst.js:43:20:43:43 | documen ... .search |
| tst.js:43:20:43:43 | documen ... .search | tst.js:43:16:43:44 | baz(doc ... search) |
| tst.js:43:20:43:43 | documen ... .search | tst.js:43:16:43:44 | baz(doc ... search) |
| tst.js:49:21:49:37 | document.location | tst.js:49:21:49:44 | documen ... .search |
| tst.js:49:21:49:37 | document.location | tst.js:49:21:49:44 | documen ... .search |
| tst.js:49:21:49:44 | documen ... .search | tst.js:49:16:49:45 | wrap(do ... search) |
| tst.js:49:21:49:44 | documen ... .search | tst.js:49:16:49:45 | wrap(do ... search) |
| tst.js:57:21:57:37 | document.location | tst.js:57:21:57:44 | documen ... .search |
| tst.js:57:21:57:37 | document.location | tst.js:57:21:57:44 | documen ... .search |
| tst.js:57:21:57:44 | documen ... .search | tst.js:57:16:57:45 | chop(do ... search) |
| tst.js:57:21:57:44 | documen ... .search | tst.js:57:16:57:45 | chop(do ... search) |
| tst.js:59:21:59:37 | document.location | tst.js:59:21:59:44 | documen ... .search |
| tst.js:59:21:59:37 | document.location | tst.js:59:21:59:44 | documen ... .search |
| tst.js:59:21:59:44 | documen ... .search | tst.js:59:16:59:45 | chop(do ... search) |
| tst.js:59:21:59:44 | documen ... .search | tst.js:59:16:59:45 | chop(do ... search) |
| tst.js:61:21:61:31 | chop(bar()) | tst.js:61:16:61:32 | wrap(chop(bar())) |
| tst.js:61:21:61:31 | chop(bar()) | tst.js:61:16:61:32 | wrap(chop(bar())) |
| tst.js:61:26:61:30 | bar() | tst.js:61:21:61:31 | chop(bar()) |
| tst.js:63:34:63:34 | s | tst.js:65:18:65:18 | s |
| tst.js:63:34:63:34 | s | tst.js:65:18:65:18 | s |
| tst.js:67:25:67:41 | document.location | tst.js:67:25:67:48 | documen ... .search |
| tst.js:67:25:67:41 | document.location | tst.js:67:25:67:48 | documen ... .search |
| tst.js:67:25:67:48 | documen ... .search | tst.js:63:34:63:34 | s |
| tst.js:68:25:68:41 | document.location | tst.js:68:25:68:48 | documen ... .search |
| tst.js:68:25:68:41 | document.location | tst.js:68:25:68:48 | documen ... .search |
| tst.js:68:25:68:48 | documen ... .search | tst.js:63:34:63:34 | s |
| tst.js:73:1:73:27 | [,docum ... search] | tst.js:73:46:73:46 | x |
| tst.js:73:3:73:19 | document.location | tst.js:73:3:73:26 | documen ... .search |
| tst.js:73:3:73:19 | document.location | tst.js:73:3:73:26 | documen ... .search |
| tst.js:73:3:73:26 | documen ... .search | tst.js:73:1:73:27 | [,docum ... search] |
| tst.js:73:46:73:46 | x | tst.js:76:20:76:20 | x |
| tst.js:73:46:73:46 | x | tst.js:76:20:76:20 | x |
| tst.js:80:49:80:65 | document.location | tst.js:80:49:80:72 | documen ... .search |
| tst.js:80:49:80:65 | document.location | tst.js:80:49:80:72 | documen ... .search |
| tst.js:80:49:80:65 | document.location | tst.js:80:49:80:72 | documen ... .search |
| tst.js:80:49:80:65 | document.location | tst.js:80:49:80:72 | documen ... .search |
| tst.js:84:26:84:42 | document.location | tst.js:84:26:84:49 | documen ... .search |
| tst.js:84:26:84:42 | document.location | tst.js:84:26:84:49 | documen ... .search |
| tst.js:84:26:84:42 | document.location | tst.js:84:26:84:49 | documen ... .search |
| tst.js:84:26:84:42 | document.location | tst.js:84:26:84:49 | documen ... .search |
| tst.js:85:25:85:41 | document.location | tst.js:85:25:85:48 | documen ... .search |
| tst.js:85:25:85:41 | document.location | tst.js:85:25:85:48 | documen ... .search |
| tst.js:85:25:85:41 | document.location | tst.js:85:25:85:48 | documen ... .search |
| tst.js:85:25:85:41 | document.location | tst.js:85:25:85:48 | documen ... .search |
| tst.js:87:33:87:49 | document.location | tst.js:87:33:87:56 | documen ... .search |
| tst.js:87:33:87:49 | document.location | tst.js:87:33:87:56 | documen ... .search |
| tst.js:87:33:87:49 | document.location | tst.js:87:33:87:56 | documen ... .search |
| tst.js:87:33:87:49 | document.location | tst.js:87:33:87:56 | documen ... .search |
| tst.js:88:32:88:48 | document.location | tst.js:88:32:88:55 | documen ... .search |
| tst.js:88:32:88:48 | document.location | tst.js:88:32:88:55 | documen ... .search |
| tst.js:88:32:88:48 | document.location | tst.js:88:32:88:55 | documen ... .search |
| tst.js:88:32:88:48 | document.location | tst.js:88:32:88:55 | documen ... .search |
| tst.js:93:39:93:55 | document.location | tst.js:93:39:93:62 | documen ... .search |
| tst.js:93:39:93:55 | document.location | tst.js:93:39:93:62 | documen ... .search |
| tst.js:93:39:93:55 | document.location | tst.js:93:39:93:62 | documen ... .search |
| tst.js:93:39:93:55 | document.location | tst.js:93:39:93:62 | documen ... .search |
| tst.js:99:30:99:46 | document.location | tst.js:99:30:99:53 | documen ... .search |
| tst.js:99:30:99:46 | document.location | tst.js:99:30:99:53 | documen ... .search |
| tst.js:99:30:99:46 | document.location | tst.js:99:30:99:53 | documen ... .search |
| tst.js:99:30:99:46 | document.location | tst.js:99:30:99:53 | documen ... .search |
| tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
| tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
| tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
| tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
| tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
| tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
| tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
| tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
| tst.js:110:11:110:34 | documen ... .search | tst.js:110:11:110:44 | documen ... bstr(1) |
| tst.js:110:11:110:44 | documen ... bstr(1) | tst.js:110:7:110:44 | v |
| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
| tst.js:145:29:145:50 | window. ... .search | tst.js:148:29:148:29 | v |
| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
| tst.js:174:18:174:41 | documen ... .search | tst.js:174:9:174:41 | target |
| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:201:35:201:41 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:203:46:203:52 | tainted |
@@ -338,15 +572,25 @@ edges
| tst.js:194:9:194:42 | tainted | tst.js:238:23:238:29 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:252:23:252:29 | tainted |
| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
| tst.js:194:19:194:42 | documen ... .search | tst.js:194:9:194:42 | tainted |
| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:252:23:252:29 | tainted | tst.js:244:39:244:55 | props.propTainted |
| tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name |
@@ -354,11 +598,21 @@ edges
| tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name |
| tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location |
| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
| tst.js:282:19:282:29 | window.name | tst.js:285:59:285:65 | tainted |
| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
| tst.js:285:59:285:65 | tainted | tst.js:285:59:285:65 | tainted |
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted |
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted |
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted |
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted |
| winjs.js:2:17:2:33 | document.location | winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:33 | document.location | winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted |

4
javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected
View File

@@ -2,14 +2,18 @@ nodes
| typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:13:22:13:29 | req.body |
| typedClient.ts:13:22:13:29 | req.body |
| typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:30:14:30 | v |
edges
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
#select
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |

102
javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
View File

@@ -2,140 +2,242 @@ nodes
| mongodb.js:12:11:12:20 | query |
| mongodb.js:12:19:12:20 | {} |
| mongodb.js:13:19:13:26 | req.body |
| mongodb.js:13:19:13:26 | req.body |
| mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:18:16:18:20 | query |
| mongodb.js:18:16:18:20 | query |
| mongodb.js:26:11:26:32 | title |
| mongodb.js:26:19:26:26 | req.body |
| mongodb.js:26:19:26:26 | req.body |
| mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:27:32:43 | JSON.parse(title) |
| mongodb.js:32:38:32:42 | title |
| mongodb.js:48:11:48:20 | query |
| mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title |
| mongodb.js:49:19:49:33 | req.query.title |
| mongodb.js:54:16:54:20 | query |
| mongodb.js:54:16:54:20 | query |
| mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title |
| mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:29:16:29:20 | query |
| mongoose.js:20:11:20:20 | query |
| mongoose.js:20:19:20:20 | {} |
| mongoose.js:21:19:21:26 | req.body |
| mongoose.js:21:19:21:26 | req.body |
| mongoose.js:21:19:21:32 | req.body.title |
| mongoose.js:27:20:27:24 | query |
| mongoose.js:27:20:27:24 | query |
| mongoose.js:30:25:30:29 | query |
| mongoose.js:30:25:30:29 | query |
| mongoose.js:33:24:33:28 | query |
| mongoose.js:33:24:33:28 | query |
| mongoose.js:36:31:36:35 | query |
| mongoose.js:36:31:36:35 | query |
| mongoose.js:39:19:39:23 | query |
| mongoose.js:39:19:39:23 | query |
| mongoose.js:42:22:42:26 | query |
| mongoose.js:42:22:42:26 | query |
| mongoose.js:45:31:45:35 | query |
| mongoose.js:45:31:45:35 | query |
| mongoose.js:48:31:48:35 | query |
| mongoose.js:48:31:48:35 | query |
| mongoose.js:51:31:51:35 | query |
| mongoose.js:51:31:51:35 | query |
| mongoose.js:54:25:54:29 | query |
| mongoose.js:54:25:54:29 | query |
| mongoose.js:57:21:57:25 | query |
| mongoose.js:57:21:57:25 | query |
| mongoose.js:60:25:60:29 | query |
| mongoose.js:60:25:60:29 | query |
| mongoose.js:63:24:63:28 | query |
| mongoose.js:63:24:63:28 | query |
| mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:19:19:19:20 | {} |
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title |
| mongooseJsonParse.js:20:30:20:43 | req.query.data |
| mongooseJsonParse.js:20:30:20:43 | req.query.data |
| mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:23:19:23:23 | query |
| mongooseModelClient.js:10:7:10:32 | v |
| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) |
| mongooseModelClient.js:10:22:10:29 | req.body |
| mongooseModelClient.js:10:22:10:29 | req.body |
| mongooseModelClient.js:10:22:10:31 | req.body.x |
| mongooseModelClient.js:11:16:11:24 | { id: v } |
| mongooseModelClient.js:11:16:11:24 | { id: v } |
| mongooseModelClient.js:11:22:11:22 | v |
| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
| mongooseModelClient.js:12:22:12:29 | req.body |
| mongooseModelClient.js:12:22:12:29 | req.body |
| mongooseModelClient.js:12:22:12:32 | req.body.id |
| socketio.js:10:25:10:30 | handle |
| socketio.js:10:25:10:30 | handle |
| socketio.js:11:12:11:53 | `INSERT ... andle}` |
| socketio.js:11:12:11:53 | `INSERT ... andle}` |
| socketio.js:11:46:11:51 | handle |
| tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id |
| tst2.js:9:66:9:78 | req.params.id |
| tst3.js:8:7:9:55 | query1 |
| tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst3.js:9:16:9:34 | req.params.category |
| tst3.js:9:16:9:34 | req.params.category |
| tst3.js:10:14:10:19 | query1 |
| tst3.js:10:14:10:19 | query1 |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id |
| tst4.js:8:46:8:60 | $routeParams.id |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id |
| tst.js:10:46:10:58 | req.params.id |
edges
| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query |
| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title |
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title |
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) |
| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query |
| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query |
| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:63:24:63:28 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:63:24:63:28 | query |
| mongoose.js:20:19:20:20 | {} | mongoose.js:20:11:20:20 | query |
| mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
| mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:11:20:20 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:19:20:20 | {} |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:24:63:28 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:24:63:28 | query |
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v |
| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v |
| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x |
| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x |
| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) |
| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } |
| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } |
| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id |
| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id |
| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst3.js:8:7:9:55 | query1 | tst3.js:10:14:10:19 | query1 |
| tst3.js:8:7:9:55 | query1 | tst3.js:10:14:10:19 | query1 |
| tst3.js:8:16:9:55 | "SELECT ... PRICE" | tst3.js:8:7:9:55 | query1 |
| tst3.js:9:16:9:34 | req.params.category | tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst3.js:9:16:9:34 | req.params.category | tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
#select
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |

122
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
View File

@@ -1,93 +1,215 @@
nodes
| angularjs.js:10:22:10:29 | location |
| angularjs.js:10:22:10:29 | location |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:30 | location |
| angularjs.js:13:23:13:30 | location |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:35 | location |
| angularjs.js:16:28:16:35 | location |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:29 | location |
| angularjs.js:19:22:19:29 | location |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:34 | location |
| angularjs.js:22:27:22:34 | location |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:30 | location |
| angularjs.js:25:23:25:30 | location |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:40 | location |
| angularjs.js:28:33:28:40 | location |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:35 | location |
| angularjs.js:31:28:31:35 | location |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:25 | location |
| angularjs.js:34:18:34:25 | location |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:25 | location |
| angularjs.js:40:18:40:25 | location |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:24 | location |
| angularjs.js:44:17:44:24 | location |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:23 | location |
| angularjs.js:47:16:47:23 | location |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:29 | location |
| angularjs.js:50:22:50:29 | location |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:39 | location |
| angularjs.js:53:32:53:39 | location |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:12:28:12:46 | req.param("wobble") |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react-native.js:10:23:10:29 | tainted |
| tst.js:2:6:2:22 | document.location |
| tst.js:2:6:2:22 | document.location |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:28 | document.location |
| tst.js:5:12:5:28 | document.location |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:26 | document.location |
| tst.js:14:10:14:26 | document.location |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:37 | document.location |
| tst.js:17:21:17:37 | document.location |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location |
| tst.js:20:30:20:46 | document.location |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:27 | document.location |
| tst.js:23:11:23:27 | document.location |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:26:26:26:33 | location |
| tst.js:26:26:26:33 | location |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:53 | locatio ... ring(1) |
edges
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| tst.js:2:6:2:22 | document.location | tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:22 | document.location | tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:26 | document.location | tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:26 | document.location | tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:11:23:27 | document.location | tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:27 | document.location | tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:26:26:26:33 | location | tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:33 | location | tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
#select
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:10:22:10:29 | location | User-provided value |

127
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
View File

@@ -1,96 +1,223 @@
nodes
| angularjs.js:10:22:10:29 | location |
| angularjs.js:10:22:10:29 | location |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:30 | location |
| angularjs.js:13:23:13:30 | location |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:35 | location |
| angularjs.js:16:28:16:35 | location |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:29 | location |
| angularjs.js:19:22:19:29 | location |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:34 | location |
| angularjs.js:22:27:22:34 | location |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:30 | location |
| angularjs.js:25:23:25:30 | location |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:40 | location |
| angularjs.js:28:33:28:40 | location |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:35 | location |
| angularjs.js:31:28:31:35 | location |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:25 | location |
| angularjs.js:34:18:34:25 | location |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:25 | location |
| angularjs.js:40:18:40:25 | location |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:24 | location |
| angularjs.js:44:17:44:24 | location |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:23 | location |
| angularjs.js:47:16:47:23 | location |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:29 | location |
| angularjs.js:50:22:50:29 | location |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:39 | location |
| angularjs.js:53:32:53:39 | location |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| eslint-escope-build.js:20:22:20:22 | c |
| eslint-escope-build.js:20:22:20:22 | c |
| eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:21:16:21:16 | c |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:12:28:12:46 | req.param("wobble") |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react-native.js:10:23:10:29 | tainted |
| tst.js:2:6:2:22 | document.location |
| tst.js:2:6:2:22 | document.location |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:28 | document.location |
| tst.js:5:12:5:28 | document.location |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:26 | document.location |
| tst.js:14:10:14:26 | document.location |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:37 | document.location |
| tst.js:17:21:17:37 | document.location |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location |
| tst.js:20:30:20:46 | document.location |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:27 | document.location |
| tst.js:23:11:23:27 | document.location |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:26:26:26:33 | location |
| tst.js:26:26:26:33 | location |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:53 | locatio ... ring(1) |
edges
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:29 | location | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:34 | location | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:30 | location | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:40 | location | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:35 | location | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:25 | location | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:25 | location | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:24 | location | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| tst.js:2:6:2:22 | document.location | tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:22 | document.location | tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:28 | document.location | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:26 | document.location | tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:26 | document.location | tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:11:23:27 | document.location | tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:27 | document.location | tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:26:26:26:33 | location | tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:33 | location | tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
#select
| eslint-escope-build.js:21:16:21:16 | c | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value |

17
javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected
View File

@@ -1,41 +1,53 @@
nodes
| example.js:9:37:9:38 | ev |
| example.js:9:37:9:38 | ev |
| example.js:10:9:10:37 | message |
| example.js:10:19:10:37 | JSON.parse(ev.data) |
| example.js:10:30:10:31 | ev |
| example.js:10:30:10:36 | ev.data |
| example.js:13:5:13:24 | window[message.name] |
| example.js:13:5:13:24 | window[message.name] |
| example.js:13:12:13:18 | message |
| example.js:13:12:13:23 | message.name |
| tst.js:3:37:3:38 | ev |
| tst.js:3:37:3:38 | ev |
| tst.js:4:9:4:37 | message |
| tst.js:4:19:4:37 | JSON.parse(ev.data) |
| tst.js:4:30:4:31 | ev |
| tst.js:4:30:4:36 | ev.data |
| tst.js:5:5:5:24 | window[message.name] |
| tst.js:5:5:5:24 | window[message.name] |
| tst.js:5:12:5:18 | message |
| tst.js:5:12:5:23 | message.name |
| tst.js:6:9:6:28 | window[message.name] |
| tst.js:6:9:6:28 | window[message.name] |
| tst.js:6:16:6:22 | message |
| tst.js:6:16:6:27 | message.name |
| tst.js:11:5:11:19 | f[message.name] |
| tst.js:11:5:11:19 | f[message.name] |
| tst.js:11:7:11:13 | message |
| tst.js:11:7:11:18 | message.name |
| tst.js:15:5:15:14 | window[ev] |
| tst.js:15:5:15:14 | window[ev] |
| tst.js:15:12:15:13 | ev |
| tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:12:21:28 | '' + message.name |
| tst.js:21:17:21:23 | message |
| tst.js:21:17:21:28 | message.name |
edges
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev |
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev |
| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message |
| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message |
| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data |
| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) |
| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name |
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] |
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] |
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev |
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev |
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev |
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev |
| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message |
| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message |
@@ -46,11 +58,16 @@ edges
| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) |
| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name |
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] |
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] |
| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name |
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] |
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] |
| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name |
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] |
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] |
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] |
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] |
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name |
| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name |

20
javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected
View File

@@ -1,42 +1,62 @@
nodes
| tst.js:5:15:5:30 | req.query.format |
| tst.js:5:15:5:30 | req.query.format |
| tst.js:5:15:5:30 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
edges

34
javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
View File

@@ -1,43 +1,58 @@
nodes
| FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") |
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } |
| FileAccessToHttp.js:9:23:9:29 | content |
| bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) |
| bufferRead.js:15:15:15:62 | postData |
| bufferRead.js:15:26:15:31 | buffer |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) |
| bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:33:21:33:28 | postData |
| googlecompiler.js:7:19:7:28 | codestring |
| googlecompiler.js:9:7:15:4 | post_data |
| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) |
| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } |
| googlecompiler.js:14:21:14:30 | codestring |
| googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:44:54:44:57 | data |
| googlecompiler.js:44:54:44:57 | data |
| googlecompiler.js:56:14:56:17 | data |
| readFileSync.js:5:5:5:39 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") |
| readFileSync.js:7:7:7:25 | s |
| readFileSync.js:7:11:7:14 | data |
| readFileSync.js:7:11:7:25 | data.toString() |
| readFileSync.js:26:18:26:18 | s |
| readFileSync.js:26:18:26:18 | s |
| readStreamRead.js:13:13:13:35 | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() |
| readStreamRead.js:13:21:13:35 | readable.read() |
| readStreamRead.js:30:19:30:23 | chunk |
| readStreamRead.js:30:19:30:23 | chunk |
| request.js:6:19:6:26 | jsonData |
| request.js:8:11:8:20 | {jsonData} |
| request.js:8:11:8:20 | {jsonData} |
| request.js:8:12:8:19 | jsonData |
| request.js:13:18:13:24 | xmlData |
| request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:22:11:22:17 | xmlData |
| request.js:28:52:28:55 | data |
| request.js:28:52:28:55 | data |
| request.js:35:14:35:17 | data |
| request.js:43:51:43:54 | data |
| request.js:43:51:43:54 | data |
| request.js:50:13:50:16 | data |
| sentAsHeaders.js:10:79:10:84 | buffer |
| sentAsHeaders.js:10:79:10:84 | buffer |
| sentAsHeaders.js:11:13:11:59 | content |
| sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) |
@@ -46,46 +61,63 @@ nodes
| sentAsHeaders.js:12:19:12:74 | content ... =", "") |
| sentAsHeaders.js:12:19:12:81 | content ... .trim() |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } |
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content |
| sentAsHeaders.js:18:47:18:53 | content |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } |
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content |
| sentAsHeaders.js:24:47:24:53 | content |
edges
| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } |
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:15:26:15:31 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData |
| googlecompiler.js:7:19:7:28 | codestring | googlecompiler.js:14:21:14:30 | codestring |
| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | googlecompiler.js:9:7:15:4 | post_data |
| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) |
| googlecompiler.js:14:21:14:30 | codestring | googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } |
| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data |
| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data |
| googlecompiler.js:56:14:56:17 | data | googlecompiler.js:7:19:7:28 | codestring |
| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data |
| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s |
| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s |
| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() |
| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s |
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk |
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk |
| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData |
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} |
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} |
| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData |
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data |
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data |
| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData |
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data |
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data |
| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData |
| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content |
| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) |
| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content |
@@ -95,9 +127,11 @@ edges
| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() |
| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } |
| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } |
| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content |
#select

11
javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
View File

@@ -1,20 +1,31 @@
nodes
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName |
| PostMessageStar.js:1:27:1:34 | userName |
| PostMessageStar.js:1:27:1:34 | userName |
edges
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName |

12
javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
View File

@@ -1,21 +1,33 @@
nodes
| node.js:8:10:8:12 | err |
| node.js:8:10:8:12 | err |
| node.js:11:13:11:15 | err |
| node.js:11:13:11:21 | err.stack |
| node.js:11:13:11:21 | err.stack |
| tst.js:6:12:6:12 | e |
| tst.js:6:12:6:12 | e |
| tst.js:7:13:7:13 | e |
| tst.js:7:13:7:13 | e |
| tst.js:8:15:8:15 | e |
| tst.js:16:20:16:20 | e |
| tst.js:17:11:17:11 | e |
| tst.js:17:11:17:17 | e.stack |
| tst.js:17:11:17:17 | e.stack |
edges
| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err |
| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err |
| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack |
| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e |
| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e |
| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e |
| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e |
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
#select
| node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | Stack trace information from $@ may be exposed to an external user here. | node.js:8:10:8:12 | err | here |
| tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | Stack trace information from $@ may be exposed to an external user here. | tst.js:6:12:6:12 | e | here |

108
javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
View File

@@ -1,115 +1,217 @@
nodes
| passwords.js:2:17:2:24 | password |
| passwords.js:2:17:2:24 | password |
| passwords.js:2:17:2:24 | password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:7:20:7:20 | x |
| passwords.js:8:21:8:21 | x |
| passwords.js:8:21:8:21 | x |
| passwords.js:10:11:10:18 | password |
| passwords.js:10:11:10:18 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password |
| passwords.js:14:31:14:38 | password |
| passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password |
| passwords.js:16:29:16:36 | password |
| passwords.js:18:9:20:5 | obj1 |
| passwords.js:18:16:20:5 | {\\n ... x\\n } |
| passwords.js:18:16:20:5 | {\\n ... x\\n } |
| passwords.js:21:17:21:20 | obj1 |
| passwords.js:21:17:21:20 | obj1 |
| passwords.js:23:9:25:5 | obj2 |
| passwords.js:23:16:25:5 | {\\n ... d\\n } |
| passwords.js:24:12:24:19 | password |
| passwords.js:24:12:24:19 | password |
| passwords.js:26:17:26:20 | obj2 |
| passwords.js:26:17:26:20 | obj2 |
| passwords.js:28:9:28:17 | obj3 |
| passwords.js:28:16:28:17 | {} |
| passwords.js:29:17:29:20 | obj3 |
| passwords.js:29:17:29:20 | obj3 |
| passwords.js:30:14:30:21 | password |
| passwords.js:30:14:30:21 | password |
| passwords.js:77:37:77:53 | req.body.password |
| passwords.js:77:37:77:53 | req.body.password |
| passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:80:9:80:25 | secret |
| passwords.js:80:18:80:25 | password |
| passwords.js:80:18:80:25 | password |
| passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:81:24:81:29 | secret |
| passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password |
| passwords.js:93:39:93:46 | password |
| passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password |
| passwords.js:98:39:98:46 | password |
| passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password |
| passwords.js:105:39:105:46 | password |
| passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password |
| passwords.js:110:39:110:46 | password |
| passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password |
| passwords.js:114:43:114:50 | password |
| passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password |
| passwords.js:119:39:119:46 | password |
| passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:122:31:122:38 | password |
| passwords.js:122:31:122:38 | password |
| passwords.js:122:31:122:49 | password.toString() |
| passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:123:31:123:38 | password |
| passwords.js:123:31:123:38 | password |
| passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password |
| passwords.js:130:12:130:19 | password |
| passwords.js:131:12:131:24 | getPassword() |
| passwords.js:131:12:131:24 | getPassword() |
| passwords.js:135:17:135:22 | config |
| passwords.js:135:17:135:22 | config |
| passwords.js:136:17:136:24 | config.x |
| passwords.js:136:17:136:24 | config.x |
| passwords.js:137:17:137:24 | config.y |
| passwords.js:137:17:137:24 | config.y |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password |
| passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:8:17:8:17 | x |
| passwords_in_server_5.js:8:17:8:17 | x |
edges
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password |
| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password |
| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x |
| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x |
| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x |
| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x |
| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 |
| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 |
| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 |
| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 |
| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 |
| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 |
| passwords.js:23:16:25:5 | {\\n ... d\\n } | passwords.js:23:9:25:5 | obj2 |
| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } |
| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } |
| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 |
| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 |
| passwords.js:28:16:28:17 | {} | passwords.js:28:9:28:17 | obj3 |
| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} |
| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret |
| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret |
| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret |
| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() |
| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() |
| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password |
@@ -118,6 +220,8 @@ edges
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
#select
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | Sensitive data returned by $@ is logged here. | passwords.js:2:17:2:24 | password | an access to password |

16
javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected
View File

@@ -1,32 +1,48 @@
nodes
| CleartextStorage2.js:5:7:5:58 | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword |
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage2.js:7:33:7:34 | pw |
| CleartextStorage.js:5:7:5:40 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
| CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:7:26:7:27 | pw |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
edges
| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw |
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password |

6
javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected
View File

@@ -1,14 +1,20 @@
nodes
| tst.js:3:5:3:24 | secretText |
| tst.js:3:18:3:24 | trusted |
| tst.js:3:18:3:24 | trusted |
| tst.js:11:17:11:26 | secretText |
| tst.js:11:17:11:26 | secretText |
| tst.js:11:17:11:26 | secretText |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:19:17:19:24 | password |
| tst.js:19:17:19:24 | password |
| tst.js:19:17:19:24 | password |
edges
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted |

45
javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected
View File

@@ -1,72 +1,117 @@
nodes
| tst.js:2:20:2:32 | Math.random() |
| tst.js:2:20:2:32 | Math.random() |
| tst.js:2:20:2:32 | Math.random() |
| tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() |
| tst.js:6:31:6:43 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:19:9:19:36 | suffix |
| tst.js:19:18:19:30 | Math.random() |
| tst.js:19:18:19:30 | Math.random() |
| tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:20:31:20:36 | suffix |
| tst.js:28:9:28:26 | pw |
| tst.js:28:14:28:26 | Math.random() |
| tst.js:28:14:28:26 | Math.random() |
| tst.js:29:20:29:21 | pw |
| tst.js:29:20:29:21 | pw |
| tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() |
| tst.js:41:21:41:33 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() |
| tst.js:61:22:61:34 | Math.random() |
| tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() |
| tst.js:66:29:66:41 | Math.random() |
| tst.js:71:9:71:48 | rand |
| tst.js:71:16:71:48 | Math.fl ... 999999) |
| tst.js:71:27:71:39 | Math.random() |
| tst.js:71:27:71:39 | Math.random() |
| tst.js:71:27:71:47 | Math.ra ... 9999999 |
| tst.js:72:9:72:48 | concat |
| tst.js:72:18:72:48 | ts.toSt ... tring() |
| tst.js:72:34:72:37 | rand |
| tst.js:72:34:72:48 | rand.toString() |
| tst.js:73:23:73:28 | concat |
| tst.js:73:23:73:28 | concat |
| tst.js:77:16:77:21 | secret |
| tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() |
| tst.js:80:7:80:19 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
edges
| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:10:20:10:32 | Math.random() | tst.js:10:20:10:32 | Math.random() |
| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix |
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix |
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw |
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw |
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw |
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:45:18:45:30 | Math.random() | tst.js:45:18:45:30 | Math.random() |
| tst.js:50:16:50:28 | Math.random() | tst.js:50:16:50:28 | Math.random() |
| tst.js:55:17:55:29 | Math.random() | tst.js:55:17:55:29 | Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand |
| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand |
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 |
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 |
| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) |
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat |
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat |
| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat |
| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() |
| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:84:19:84:31 | Math.random() | tst.js:84:19:84:31 | Math.random() |
| tst.js:90:32:90:44 | Math.random() | tst.js:90:32:90:44 | Math.random() |
| tst.js:95:33:95:45 | Math.random() | tst.js:95:33:95:45 | Math.random() |

6
javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected
View File

@@ -4,17 +4,23 @@ nodes
| tst.js:12:18:12:47 | url.par ... ).query |
| tst.js:12:18:12:54 | url.par ... .origin |
| tst.js:12:28:12:34 | req.url |
| tst.js:12:28:12:34 | req.url |
| tst.js:13:50:13:55 | origin |
| tst.js:13:50:13:55 | origin |
| tst.js:18:50:18:53 | null |
| tst.js:18:50:18:53 | null |
| tst.js:18:50:18:53 | null |
| tst.js:23:50:23:55 | "null" |
| tst.js:23:50:23:55 | "null" |
| tst.js:23:50:23:55 | "null" |
edges
| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin |
| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin |
| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:18:12:47 | url.par ... ).query |
| tst.js:12:18:12:47 | url.par ... ).query | tst.js:12:18:12:54 | url.par ... .origin |
| tst.js:12:18:12:54 | url.par ... .origin | tst.js:12:9:12:54 | origin |
| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) |
| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) |
| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null |
| tst.js:23:50:23:55 | "null" | tst.js:23:50:23:55 | "null" |
#select

14
javascript/ql/test/query-tests/Security/CWE-400/PrototypePollution.expected
View File

@@ -1,22 +1,36 @@
nodes
| angularmerge.js:1:30:1:34 | event |
| angularmerge.js:1:30:1:34 | event |
| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) |
| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) |
| angularmerge.js:2:32:2:36 | event |
| angularmerge.js:2:32:2:41 | event.data |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value |
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value |
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value |
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing |
edges
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event |
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event |
| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data |
| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) |
| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing |
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing |
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
#select
| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | Prototype pollution caused by merging a user-controlled value from $@ using a vulnerable version of $@. | angularmerge.js:1:30:1:34 | event | here | angularmerge.js:2:3:2:43 | angular ... .data)) | angular |

14
javascript/ql/test/query-tests/Security/CWE-400/RemotePropertyInjection.expected
View File

@@ -2,21 +2,35 @@ nodes
| tst.js:8:6:8:52 | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled |
| tst.js:8:28:8:51 | req.que ... trolled |
| tst.js:9:8:9:11 | prop |
| tst.js:9:8:9:11 | prop |
| tst.js:13:15:13:18 | prop |
| tst.js:13:15:13:18 | prop |
| tst.js:14:31:14:34 | prop |
| tst.js:14:31:14:34 | prop |
| tst.js:16:10:16:13 | prop |
| tst.js:16:10:16:13 | prop |
| tstNonExpr.js:5:7:5:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url |
| tstNonExpr.js:5:17:5:23 | req.url |
| tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:8:17:8:23 | userVal |
edges
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop |
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
#select
| tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A $@ is used as a property name to write to. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |

4
javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected
View File

@@ -1,10 +1,14 @@
nodes
| tst.js:7:22:7:36 | req.params.data |
| tst.js:7:22:7:36 | req.params.data |
| tst.js:7:22:7:36 | req.params.data |
| tst.js:8:25:8:39 | req.params.data |
| tst.js:8:25:8:39 | req.params.data |
| tst.js:8:25:8:39 | req.params.data |
| tst.js:12:26:12:40 | req.params.data |
| tst.js:12:26:12:40 | req.params.data |
| tst.js:12:26:12:40 | req.params.data |
| tst.js:13:29:13:43 | req.params.data |
| tst.js:13:29:13:43 | req.params.data |
| tst.js:13:29:13:43 | req.params.data |
edges

18
javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected
View File

@@ -1,26 +1,44 @@
nodes
| event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") |
| event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") |
| event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" |
| event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" |
| event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" |
| tst.js:1:5:1:88 | totallyHarmlessString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' |
| tst.js:2:6:2:46 | Buffer. ... 'hex') |
| tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:18:2:38 | totally ... sString |
| tst.js:5:5:5:23 | test |
| tst.js:5:12:5:23 | "0123456789" |
| tst.js:5:12:5:23 | "0123456789" |
| tst.js:7:8:7:11 | test |
| tst.js:7:8:7:15 | test+"n" |
| tst.js:7:8:7:15 | test+"n" |
edges
| event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" | event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") |
| event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" | event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") |
| event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" | event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") |
| event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" | event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString |
| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') |
| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test |
| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test |
| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test |
| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" |
| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" |
#select
| event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") | event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" | event-stream-orig.js:2:1113:2:1139 | e("2e2f ... 17461") | Hard-coded data from $@ is interpreted as an import path. | event-stream-orig.js:2:1115:2:1138 | "2e2f74 ... 617461" | here |

63
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
View File

@@ -2,75 +2,132 @@ nodes
| tst2.js:2:7:2:33 | href |
| tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href |
| tst2.js:4:21:4:24 | href |
| tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst6.js:2:7:2:45 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') |
| tst6.js:2:18:2:45 | $locati ... irect') |
| tst6.js:4:21:4:28 | redirect |
| tst6.js:4:21:4:28 | redirect |
| tst6.js:6:17:6:24 | redirect |
| tst6.js:6:17:6:24 | redirect |
| tst6.js:8:21:8:48 | $locati ... irect') |
| tst6.js:8:21:8:48 | $locati ... irect') |
| tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst7.js:2:12:2:28 | document.location |
| tst7.js:2:12:2:28 | document.location |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:43 | document.location |
| tst7.js:5:27:5:43 | document.location |
| tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:39 | document.location |
| tst10.js:5:23:5:39 | document.location |
| tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:40 | document.location |
| tst10.js:8:24:8:40 | document.location |
| tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:43 | document.location |
| tst10.js:11:27:11:43 | document.location |
| tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:49 | document.location |
| tst10.js:14:33:14:49 | document.location |
| tst10.js:14:33:14:56 | documen ... .search |
| tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:47:2:63 | document.location |
| tst.js:2:47:2:63 | document.location |
| tst.js:2:47:2:68 | documen ... on.href |
| tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:34:6:50 | document.location |
| tst.js:6:34:6:50 | document.location |
| tst.js:6:34:6:55 | documen ... on.href |
edges
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:4:21:4:24 | href | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:37 | document.location |
| tst10.js:5:23:5:39 | document.location | tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:39 | document.location | tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:8:24:8:40 | document.location | tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:8:24:8:40 | document.location | tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:11:27:11:43 | document.location | tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:11:27:11:43 | document.location | tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:14:33:14:49 | document.location | tst10.js:14:33:14:56 | documen ... .search |
| tst10.js:14:33:14:49 | document.location | tst10.js:14:33:14:56 | documen ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) |
#select

69
javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected
View File

@@ -1,46 +1,74 @@
nodes
| express.js:7:16:7:34 | req.param("target") |
| express.js:7:16:7:34 | req.param("target") |
| express.js:7:16:7:34 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:27:7:27:34 | target |
| express.js:27:16:27:34 | req.param("target") |
| express.js:27:16:27:34 | req.param("target") |
| express.js:33:18:33:23 | target |
| express.js:33:18:33:23 | target |
| express.js:35:16:35:21 | target |
| express.js:35:16:35:21 | target |
| express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') |
| express.js:40:69:40:87 | req.param('action') |
| express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") |
| express.js:74:19:74:37 | req.param("target") |
| express.js:83:7:83:34 | target |
| express.js:83:16:83:34 | req.param("target") |
| express.js:83:16:83:34 | req.param("target") |
| express.js:90:18:90:23 | target |
| express.js:90:18:90:23 | target |
| express.js:97:16:97:21 | target |
| express.js:97:16:97:21 | target |
| express.js:118:16:118:63 | [req.qu ... ection] |
| express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:17:118:30 | req.query.page |
| express.js:118:17:118:30 | req.query.page |
| express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user |
| express.js:134:22:134:36 | req.params.user |
| express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user |
| express.js:135:23:135:37 | req.params.user |
| express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user |
| express.js:136:22:136:36 | req.params.user |
| koa.js:6:6:6:27 | url |
| koa.js:6:12:6:27 | ctx.query.target |
| koa.js:6:12:6:27 | ctx.query.target |
| koa.js:7:15:7:17 | url |
| koa.js:7:15:7:17 | url |
| koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:8:18:8:20 | url |
| koa.js:14:16:14:18 | url |
| koa.js:14:16:14:18 | url |
| node.js:6:7:6:52 | target |
| node.js:6:16:6:39 | url.par ... , true) |
| node.js:6:16:6:45 | url.par ... ).query |
| node.js:6:16:6:52 | url.par ... .target |
| node.js:6:26:6:32 | req.url |
| node.js:6:26:6:32 | req.url |
| node.js:7:34:7:39 | target |
| node.js:7:34:7:39 | target |
| node.js:11:7:11:52 | target |
| node.js:11:16:11:39 | url.par ... , true) |
| node.js:11:16:11:45 | url.par ... ).query |
| node.js:11:16:11:52 | url.par ... .target |
| node.js:11:26:11:32 | req.url |
| node.js:11:26:11:32 | req.url |
| node.js:15:34:15:45 | '/' + target |
| node.js:15:34:15:45 | '/' + target |
| node.js:15:40:15:45 | target |
| node.js:29:7:29:52 | target |
@@ -48,52 +76,93 @@ nodes
| node.js:29:16:29:45 | url.par ... ).query |
| node.js:29:16:29:52 | url.par ... .target |
| node.js:29:26:29:32 | req.url |
| node.js:29:26:29:32 | req.url |
| node.js:32:34:32:39 | target |
| node.js:32:34:32:55 | target ... =" + me |
| node.js:32:34:32:55 | target ... =" + me |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:17:8:23 | tainted |
| react-native.js:8:17:8:23 | tainted |
| react-native.js:9:26:9:32 | tainted |
| react-native.js:9:26:9:32 | tainted |
edges
| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") |
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target |
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target |
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target |
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target |
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target |
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target |
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target |
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target |
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target |
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target |
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target |
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url |
| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
| node.js:6:7:6:52 | target | node.js:7:34:7:39 | target |
| node.js:6:7:6:52 | target | node.js:7:34:7:39 | target |
| node.js:6:16:6:39 | url.par ... , true) | node.js:6:16:6:45 | url.par ... ).query |
| node.js:6:16:6:45 | url.par ... ).query | node.js:6:16:6:52 | url.par ... .target |
| node.js:6:16:6:52 | url.par ... .target | node.js:6:7:6:52 | target |
| node.js:6:26:6:32 | req.url | node.js:6:16:6:39 | url.par ... , true) |
| node.js:6:26:6:32 | req.url | node.js:6:16:6:39 | url.par ... , true) |
| node.js:11:7:11:52 | target | node.js:15:40:15:45 | target |
| node.js:11:16:11:39 | url.par ... , true) | node.js:11:16:11:45 | url.par ... ).query |
| node.js:11:16:11:45 | url.par ... ).query | node.js:11:16:11:52 | url.par ... .target |
| node.js:11:16:11:52 | url.par ... .target | node.js:11:7:11:52 | target |
| node.js:11:26:11:32 | req.url | node.js:11:16:11:39 | url.par ... , true) |
| node.js:11:26:11:32 | req.url | node.js:11:16:11:39 | url.par ... , true) |
| node.js:15:40:15:45 | target | node.js:15:34:15:45 | '/' + target |
| node.js:15:40:15:45 | target | node.js:15:34:15:45 | '/' + target |
| node.js:29:7:29:52 | target | node.js:32:34:32:39 | target |
| node.js:29:16:29:39 | url.par ... , true) | node.js:29:16:29:45 | url.par ... ).query |
| node.js:29:16:29:45 | url.par ... ).query | node.js:29:16:29:52 | url.par ... .target |
| node.js:29:16:29:52 | url.par ... .target | node.js:29:7:29:52 | target |
| node.js:29:26:29:32 | req.url | node.js:29:16:29:39 | url.par ... , true) |
| node.js:29:26:29:32 | req.url | node.js:29:16:29:39 | url.par ... , true) |
| node.js:32:34:32:39 | target | node.js:32:34:32:55 | target ... =" + me |
| node.js:32:34:32:39 | target | node.js:32:34:32:55 | target ... =" + me |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
#select
| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | Untrusted URL redirection due to $@. | express.js:7:16:7:34 | req.param("target") | user-provided value |

9
javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected
View File

@@ -1,18 +1,27 @@
nodes
| domparser.js:2:7:2:36 | src |
| domparser.js:2:13:2:29 | document.location |
| domparser.js:2:13:2:29 | document.location |
| domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:11:55:11:57 | src |
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| domparser.js:14:57:14:59 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
edges
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |

10
javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected
View File

@@ -1,10 +1,20 @@
nodes
| tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host |
| tst.js:17:84:17:91 | req.host |
| tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host |
| tst.js:18:78:18:85 | req.host |
edges
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
#select
| tst.js:17:11:17:113 | `Hi, lo ... token}` | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | Links in this email can be hijacked by poisoning the HTTP host header $@. | tst.js:17:84:17:91 | req.host | here |

20
javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected
View File

@@ -1,31 +1,51 @@
nodes
| XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName |
| tst2.js:1:13:1:29 | document.location |
| tst2.js:1:13:1:29 | document.location |
| tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:2:27:2:31 | query |
| tst2.js:2:27:2:31 | query |
| tst2.js:3:19:3:23 | query |
| tst2.js:3:19:3:23 | query |
| tst.js:6:7:6:37 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") |
| tst.js:6:17:6:37 | req.par ... rName") |
| tst.js:7:15:7:21 | tainted |
| tst.js:7:15:7:21 | tainted |
| tst.js:8:16:8:22 | tainted |
| tst.js:8:16:8:22 | tainted |
| tst.js:9:17:9:23 | tainted |
| tst.js:9:17:9:23 | tainted |
| tst.js:11:8:11:14 | tainted |
| tst.js:11:8:11:14 | tainted |
edges
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
#select
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | $@ flows here and is used in an XPath expression. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | User-provided value |

38
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
View File

@@ -1,33 +1,51 @@
nodes
| RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") |
| RegExpInjection.js:5:13:5:28 | req.param("key") |
| RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") |
| RegExpInjection.js:5:39:5:56 | req.param("input") |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key |
| RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key |
| RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key |
| RegExpInjection.js:24:12:24:27 | req.param("key") |
| RegExpInjection.js:24:12:24:27 | req.param("key") |
| RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:50:46:50:50 | input |
| tst.js:1:46:1:46 | e |
| tst.js:1:46:1:46 | e |
| tst.js:2:9:2:21 | data |
| tst.js:2:16:2:16 | e |
| tst.js:2:16:2:21 | e.data |
| tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:21:3:24 | data |
| tst.js:3:21:3:29 | data.name |
edges
@@ -36,29 +54,49 @@ edges
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s |
| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e |
| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e |
| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data |
| tst.js:2:16:2:16 | e | tst.js:2:16:2:21 | e.data |
| tst.js:2:16:2:21 | e.data | tst.js:2:9:2:21 | data |
| tst.js:3:21:3:24 | data | tst.js:3:21:3:29 | data.name |
| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" |
#select
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:19:14:19:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:19:14:19:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |

52
javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected
View File

@@ -1,10 +1,13 @@
nodes
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev |
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev |
| UnsafeDynamicMethodAccess.js:6:9:6:37 | message |
| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) |
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
@@ -12,7 +15,11 @@ nodes
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| tst.js:6:39:6:40 | ev |
| tst.js:6:39:6:40 | ev |
| tst.js:7:9:7:39 | name |
| tst.js:7:16:7:34 | JSON.parse(ev.data) |
@@ -20,9 +27,13 @@ nodes
| tst.js:7:27:7:28 | ev |
| tst.js:7:27:7:33 | ev.data |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:10 | ev |
| tst.js:9:9:9:15 | ev.data |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name |
| tst.js:17:9:17:22 | fn |
| tst.js:17:9:17:22 | fn |
@@ -30,22 +41,35 @@ nodes
| tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name |
| tst.js:18:5:18:6 | fn |
| tst.js:18:5:18:6 | fn |
| tst.js:18:5:18:6 | fn |
| tst.js:20:7:20:8 | fn |
| tst.js:20:7:20:8 | fn |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name |
| tst.js:22:11:22:12 | fn |
| tst.js:22:11:22:12 | fn |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name |
| tst.js:28:7:28:15 | obj[name] |
| tst.js:28:7:28:15 | obj[name] |
| tst.js:28:11:28:14 | name |
| tst.js:34:9:34:24 | key |
| tst.js:34:15:34:24 | "$" + name |
| tst.js:34:21:34:24 | name |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key |
| tst.js:37:7:37:14 | obj[key] |
| tst.js:37:7:37:14 | obj[key] |
| tst.js:37:11:37:13 | key |
| tst.js:47:39:47:40 | ev |
| tst.js:47:39:47:40 | ev |
| tst.js:48:9:48:39 | name |
| tst.js:48:16:48:34 | JSON.parse(ev.data) |
| tst.js:48:16:48:39 | JSON.pa ... a).name |
@@ -55,21 +79,31 @@ nodes
| tst.js:49:14:49:23 | obj2[name] |
| tst.js:49:19:49:22 | name |
| tst.js:50:5:50:6 | fn |
| tst.js:50:5:50:6 | fn |
edges
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message |
| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message |
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev |
| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev |
| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev |
| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev |
| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name |
| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name |
@@ -83,24 +117,41 @@ edges
| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) |
| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn |
| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn |
| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn |
| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] |
| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] |
| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key |
| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key |
| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key |
| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] |
| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] |
| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev |
| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev |
| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name |
| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name |
@@ -108,6 +159,7 @@ edges
| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data |
| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) |
| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn |
| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn |
| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn |
| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] |
#select

21
javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected
View File

@@ -1,39 +1,60 @@
nodes
| closure.js:2:7:2:36 | src |
| closure.js:2:13:2:29 | document.location |
| closure.js:2:13:2:29 | document.location |
| closure.js:2:13:2:36 | documen ... .search |
| closure.js:4:24:4:26 | src |
| closure.js:4:24:4:26 | src |
| domparser.js:2:7:2:36 | src |
| domparser.js:2:13:2:29 | document.location |
| domparser.js:2:13:2:29 | document.location |
| domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:6:37:6:39 | src |
| domparser.js:6:37:6:39 | src |
| domparser.js:11:55:11:57 | src |
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| domparser.js:14:57:14:59 | src |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| jquery.js:2:7:2:36 | src |
| jquery.js:2:13:2:29 | document.location |
| jquery.js:2:13:2:29 | document.location |
| jquery.js:2:13:2:36 | documen ... .search |
| jquery.js:5:14:5:16 | src |
| jquery.js:5:14:5:16 | src |
| libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
edges
| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src |
| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src |
| closure.js:2:13:2:29 | document.location | closure.js:2:13:2:36 | documen ... .search |
| closure.js:2:13:2:29 | document.location | closure.js:2:13:2:36 | documen ... .search |
| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src |
| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src |
| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| expat.js:7:16:7:36 | req.par ... e-xml") | expat.js:7:16:7:36 | req.par ... e-xml") |
| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src |
| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src |
| jquery.js:2:13:2:29 | document.location | jquery.js:2:13:2:36 | documen ... .search |
| jquery.js:2:13:2:29 | document.location | jquery.js:2:13:2:36 | documen ... .search |
| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src |
| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") |

58
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -1,110 +1,165 @@
nodes
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
edges
@@ -113,6 +168,9 @@ edges
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |

47
javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected
View File

@@ -1,57 +1,102 @@
nodes
| tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:14:9:14:19 | req.cookies |
| tst.js:14:9:14:19 | req.cookies |
| tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:30:9:30:37 | v3 |
| tst.js:30:14:30:37 | id(req. ... okieId) |
| tst.js:30:17:30:27 | req.cookies |
| tst.js:30:17:30:27 | req.cookies |
| tst.js:30:17:30:36 | req.cookies.cookieId |
| tst.js:31:9:31:10 | v3 |
| tst.js:31:9:31:10 | v3 |
| tst.js:37:13:37:23 | req.cookies |
| tst.js:37:13:37:23 | req.cookies |
| tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:43:9:43:19 | req.cookies |
| tst.js:43:9:43:19 | req.cookies |
| tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:50:8:50:23 | req.params.login |
| tst.js:50:8:50:23 | req.params.login |
| tst.js:50:8:50:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login |
| tst.js:70:9:70:19 | req.cookies |
| tst.js:70:9:70:19 | req.cookies |
| tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:34:70:53 | req.params.requestId |
| tst.js:70:34:70:53 | req.params.requestId |
| tst.js:70:34:70:53 | req.params.requestId |
| tst.js:75:14:75:24 | req.cookies |
| tst.js:75:14:75:24 | req.cookies |
| tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:39:75:58 | req.params.requestId |
| tst.js:75:39:75:58 | req.params.requestId |
| tst.js:75:39:75:58 | req.params.requestId |
| tst.js:90:9:90:19 | req.cookies |
| tst.js:90:9:90:19 | req.cookies |
| tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:104:10:104:17 | req.body |
| tst.js:104:10:104:17 | req.body |
| tst.js:104:10:104:17 | req.body |
| tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable |
| tst.js:126:13:126:32 | req.query.vulnerable |
| tst.js:126:13:126:32 | req.query.vulnerable |
| tst.js:126:13:126:32 | req.query.vulnerable |
edges
| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
| tst.js:30:14:30:37 | id(req. ... okieId) | tst.js:30:9:30:37 | v3 |
| tst.js:30:17:30:27 | req.cookies | tst.js:30:17:30:36 | req.cookies.cookieId |
| tst.js:30:17:30:27 | req.cookies | tst.js:30:17:30:36 | req.cookies.cookieId |
| tst.js:30:17:30:36 | req.cookies.cookieId | tst.js:30:14:30:37 | id(req. ... okieId) |
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login |
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:34:70:53 | req.params.requestId | tst.js:70:34:70:53 | req.params.requestId |
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:39:75:58 | req.params.requestId | tst.js:75:39:75:58 | req.params.requestId |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:104:10:104:17 | req.body | tst.js:104:10:104:17 | req.body |
| tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable |

36
javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected
View File

@@ -1,49 +1,85 @@
nodes
| LoopBoundInjectionBad.js:8:13:8:20 | req.body |
| LoopBoundInjectionBad.js:8:13:8:20 | req.body |
| LoopBoundInjectionBad.js:10:15:10:22 | req.body |
| LoopBoundInjectionBad.js:10:15:10:22 | req.body |
| LoopBoundInjectionBad.js:12:25:12:32 | req.body |
| LoopBoundInjectionBad.js:12:25:12:32 | req.body |
| LoopBoundInjectionBad.js:14:19:14:26 | req.body |
| LoopBoundInjectionBad.js:14:19:14:26 | req.body |
| LoopBoundInjectionBad.js:17:18:17:20 | val |
| LoopBoundInjectionBad.js:20:25:20:27 | val |
| LoopBoundInjectionBad.js:20:25:20:27 | val |
| LoopBoundInjectionBad.js:25:20:25:22 | val |
| LoopBoundInjectionBad.js:29:16:29:18 | val |
| LoopBoundInjectionBad.js:29:16:29:18 | val |
| LoopBoundInjectionBad.js:35:30:35:32 | val |
| LoopBoundInjectionBad.js:38:15:38:17 | val |
| LoopBoundInjectionBad.js:38:15:38:17 | val |
| LoopBoundInjectionBad.js:46:24:46:26 | val |
| LoopBoundInjectionBad.js:51:25:51:27 | val |
| LoopBoundInjectionBad.js:51:25:51:27 | val |
| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body |
| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body |
| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body |
| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body |
| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body |
| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body |
| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body |
| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body |
| LoopBoundInjectionExitBad.js:17:17:17:19 | val |
| LoopBoundInjectionExitBad.js:20:22:20:24 | val |
| LoopBoundInjectionExitBad.js:20:22:20:24 | val |
| LoopBoundInjectionExitBad.js:31:17:31:19 | val |
| LoopBoundInjectionExitBad.js:34:22:34:24 | val |
| LoopBoundInjectionExitBad.js:34:22:34:24 | val |
| LoopBoundInjectionExitBad.js:46:18:46:20 | val |
| LoopBoundInjectionExitBad.js:49:22:49:24 | val |
| LoopBoundInjectionExitBad.js:49:22:49:24 | val |
| LoopBoundInjectionExitBad.js:59:22:59:24 | val |
| LoopBoundInjectionExitBad.js:60:8:60:10 | val |
| LoopBoundInjectionExitBad.js:60:8:60:10 | val |
| LoopBoundInjectionLodash.js:9:13:9:20 | req.body |
| LoopBoundInjectionLodash.js:9:13:9:20 | req.body |
| LoopBoundInjectionLodash.js:12:18:12:20 | val |
| LoopBoundInjectionLodash.js:13:13:13:15 | val |
| LoopBoundInjectionLodash.js:13:13:13:15 | val |
edges
| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val |
| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val |
| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val |
| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val |
| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val |
| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val |
| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val |
| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val |
| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val |
| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val |
| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val |
| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val |
| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val |
| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val |
| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val |
| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val |
| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val |
| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val |
| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val |
| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val |
| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val |
| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val |
| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val |
| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val |
| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val |
| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val |
| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val |
| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val |
| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val |
| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val |
| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val |
| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val |
| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val |
| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val |
| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val |
| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val |
#select
| LoopBoundInjectionBad.js:20:25:20:27 | val | LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:20:25:20:27 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:8:13:8:20 | req.body | here |

22
javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected
View File

@@ -1,32 +1,54 @@
nodes
| tst.js:5:9:5:27 | foo |
| tst.js:5:15:5:27 | req.query.foo |
| tst.js:5:15:5:27 | req.query.foo |
| tst.js:6:5:6:7 | foo |
| tst.js:6:5:6:7 | foo |
| tst.js:8:5:8:7 | foo |
| tst.js:8:5:8:7 | foo |
| tst.js:11:9:11:11 | foo |
| tst.js:11:9:11:11 | foo |
| tst.js:14:16:14:18 | bar |
| tst.js:15:9:15:11 | bar |
| tst.js:15:9:15:11 | bar |
| tst.js:17:7:17:9 | foo |
| tst.js:27:5:27:7 | foo |
| tst.js:27:5:27:7 | foo |
| tst.js:28:5:28:7 | foo |
| tst.js:28:5:28:7 | foo |
| tst.js:36:9:36:11 | foo |
| tst.js:36:9:36:11 | foo |
| tst.js:41:5:41:7 | foo |
| tst.js:41:5:41:7 | foo |
| tst.js:45:9:45:35 | foo |
| tst.js:45:15:45:35 | ctx.req ... ery.foo |
| tst.js:45:15:45:35 | ctx.req ... ery.foo |
| tst.js:46:5:46:7 | foo |
| tst.js:46:5:46:7 | foo |
edges
| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo |
| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo |
| tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo |
| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:36:9:36:11 | foo |
| tst.js:5:9:5:27 | foo | tst.js:36:9:36:11 | foo |
| tst.js:5:9:5:27 | foo | tst.js:41:5:41:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:41:5:41:7 | foo |
| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo |
| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo |
| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar |
| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar |
| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar |
| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo |
| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo |
| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo |
| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo |
#select
| tst.js:6:5:6:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:6:5:6:7 | foo | Potential type confusion for $@. | tst.js:5:15:5:27 | req.query.foo | HTTP request parameter |

18
javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
View File

@@ -1,14 +1,32 @@
nodes
| HttpToFileAccess.js:5:18:5:18 | d |
| HttpToFileAccess.js:5:18:5:18 | d |
| HttpToFileAccess.js:6:37:6:37 | d |
| HttpToFileAccess.js:6:37:6:37 | d |
| tst.js:15:26:15:26 | c |
| tst.js:15:26:15:26 | c |
| tst.js:16:33:16:33 | c |
| tst.js:16:33:16:33 | c |
| tst.js:19:25:19:25 | c |
| tst.js:19:25:19:25 | c |
| tst.js:24:22:24:22 | c |
| tst.js:24:22:24:22 | c |
edges
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
#select
| HttpToFileAccess.js:6:37:6:37 | d | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | $@ flows to file system | HttpToFileAccess.js:5:18:5:18 | d | Untrusted data |

3
javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected
View File

@@ -1,8 +1,11 @@
nodes
| tst.js:5:48:5:55 | password |
| tst.js:5:48:5:55 | password |
| tst.js:5:48:5:55 | password |
| tst.js:7:46:7:53 | password |
| tst.js:7:46:7:53 | password |
| tst.js:7:46:7:53 | password |
| tst.js:9:43:9:50 | password |
| tst.js:9:43:9:50 | password |
| tst.js:9:43:9:50 | password |
edges

26
javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
View File

@@ -4,34 +4,51 @@ nodes
| tst.js:14:19:14:48 | url.par ... ).query |
| tst.js:14:19:14:52 | url.par ... ery.url |
| tst.js:14:29:14:35 | req.url |
| tst.js:14:29:14:35 | req.url |
| tst.js:18:13:18:19 | tainted |
| tst.js:18:13:18:19 | tainted |
| tst.js:20:17:20:23 | tainted |
| tst.js:20:17:20:23 | tainted |
| tst.js:23:19:23:25 | tainted |
| tst.js:23:19:23:25 | tainted |
| tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:26:25:26:31 | tainted |
| tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:28:36:28:42 | tainted |
| tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:30:37:30:43 | tainted |
| tst.js:34:34:34:40 | tainted |
| tst.js:34:34:34:40 | tainted |
| tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:36:24:36:30 | tainted |
| tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:37:30:37:36 | tainted |
| tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:41:43:41:49 | tainted |
| tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:43:46:43:52 | tainted |
| tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:45:50:45:56 | tainted |
edges
| tst.js:14:9:14:52 | tainted | tst.js:18:13:18:19 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:18:13:18:19 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:20:17:20:23 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:20:17:20:23 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:23:19:23:25 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:23:19:23:25 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:26:25:26:31 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:28:36:28:42 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:30:37:30:43 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:34:34:34:40 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:34:34:34:40 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:36:24:36:30 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:37:30:37:36 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:41:43:41:49 | tainted |
@@ -41,13 +58,22 @@ edges
| tst.js:14:19:14:48 | url.par ... ).query | tst.js:14:19:14:52 | url.par ... ery.url |
| tst.js:14:19:14:52 | url.par ... ery.url | tst.js:14:9:14:52 | tainted |
| tst.js:14:29:14:35 | req.url | tst.js:14:19:14:42 | url.par ... , true) |
| tst.js:14:29:14:35 | req.url | tst.js:14:19:14:42 | url.par ... , true) |
| tst.js:26:25:26:31 | tainted | tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:26:25:26:31 | tainted | tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:28:36:28:42 | tainted | tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:28:36:28:42 | tainted | tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:30:37:30:43 | tainted | tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:30:37:30:43 | tainted | tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:36:24:36:30 | tainted | tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:36:24:36:30 | tainted | tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:37:30:37:36 | tainted | tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:37:30:37:36 | tainted | tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:41:43:41:49 | tainted | tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:41:43:41:49 | tainted | tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:43:46:43:52 | tainted | tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:43:46:43:52 | tainted | tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
#select
| tst.js:18:5:18:20 | request(tainted) | tst.js:14:29:14:35 | req.url | tst.js:18:13:18:19 | tainted | The $@ of this request depends on $@. | tst.js:18:13:18:19 | tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |