hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: add additional flow steps to js/path-injection

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2020-01-31 22:52:30 +01:00
parent 7ca7bdfc46
commit bbd60f52ba
5 changed files with 1021 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
View File

@@ -67,6 +67,40 @@ module TaintedPath {
read.getPropertyName() != "length" and
srclabel = dstlabel
)
or
// string method calls of interest
exists(DataFlow::MethodCallNode mcn | srclabel = dstlabel |
exists(string substringMethodName |
substringMethodName = "substr" or
substringMethodName = "substring" or
substringMethodName = "slice"
|
mcn.calls(src, substringMethodName) and
// to avoid very dynamic transformations, require at least one fixed index
exists(mcn.getAnArgument().asExpr().getIntValue()) and
dst = mcn
) or
exists(string argumentlessMethodName |
argumentlessMethodName = "toLocaleLowerCase" or
argumentlessMethodName = "toLocaleUpperCase" or
argumentlessMethodName = "toLowerCase" or
argumentlessMethodName = "toUpperCase" or
argumentlessMethodName = "trim" or
argumentlessMethodName = "trimLeft" or
argumentlessMethodName = "trimRight"
|
mcn.calls(src, argumentlessMethodName) and
dst = mcn
)
or
mcn.calls(src, "split") and
dst = mcn and
not exists (DataFlow::Node splitBy |
splitBy = mcn.getArgument(0)|
splitBy.mayHaveStringValue("/") or
any(DataFlow::RegExpLiteralNode reg | reg.getRoot().getAMatchedString() = "/").flowsTo(splitBy)
)
)
}
/**

5
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected
View File

@@ -1 +1,6 @@
| normalizedPaths.js:208:38:208:63 | // OK - ... anyway | Spurious alert |
| tainted-string-steps.js:13:41:13:72 | // NOT ... flagged | Missing alert |
| tainted-string-steps.js:14:41:14:72 | // NOT ... flagged | Missing alert |
| tainted-string-steps.js:15:50:15:81 | // NOT ... flagged | Missing alert |
| tainted-string-steps.js:25:43:25:74 | // NOT ... flagged | Missing alert |
| tainted-string-steps.js:26:49:26:74 | // OK - ... flagged | Spurious alert |

951
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

@@ -1183,6 +1183,404 @@ nodes
| tainted-sendFile.js:25:34:25:45 | req.params.x |
| tainted-sendFile.js:25:34:25:45 | req.params.x |
| tainted-sendFile.js:25:34:25:45 | req.params.x |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:24:6:30 | req.url |
| tainted-string-steps.js:6:24:6:30 | req.url |
| tainted-string-steps.js:6:24:6:30 | req.url |
| tainted-string-steps.js:6:24:6:30 | req.url |
| tainted-string-steps.js:6:24:6:30 | req.url |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| torrents.js:5:6:5:38 | name |
| torrents.js:5:6:5:38 | name |
| torrents.js:5:6:5:38 | name |
@@ -2930,6 +3328,550 @@ edges
| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) |
| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) |
| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) |
| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name |
| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name |
| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name |
@@ -3022,5 +3964,14 @@ edges
| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | a user-provided value |
| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | This path depends on $@. | tainted-sendFile.js:24:37:24:48 | req.params.x | a user-provided value |
| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | This path depends on $@. | tainted-sendFile.js:25:34:25:45 | req.params.x | a user-provided value |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on $@. | torrents.js:5:13:5:38 | parseTo ... t).name | a user-provided value |
| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on $@. | views.js:1:43:1:55 | req.params[0] | a user-provided value |

30
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js Normal file
View File

@@ -0,0 +1,30 @@
var fs = require('fs'),
http = require('http'),
url = require('url');
var server = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path;
fs.readFileSync(path.substring(i, j)); // OK
fs.readFileSync(path.substring(4)); // NOT OK
fs.readFileSync(path.substring(0, i)); // NOT OK
fs.readFileSync(path.substr(4)); // NOT OK
fs.readFileSync(path.slice(4)); // NOT OK
fs.readFileSync(path.concat(unknown)); // NOT OK -- but not yet flagged
fs.readFileSync(unknown.concat(path)); // NOT OK -- but not yet flagged
fs.readFileSync(unknown.concat(unknown, path)); // NOT OK -- but not yet flagged
fs.readFileSync(path.trim()); // NOT OK
fs.readFileSync(path.toLowerCase()); // NOT OK
fs.readFileSync(path.split('/')); // OK -- for now
fs.readFileSync(path.split('/')[0]); // OK -- for now
fs.readFileSync(path.split('/')[i]); // OK -- for now
fs.readFileSync(path.split(/\//)[i]); // OK -- for now
fs.readFileSync(path.split("?")[0]); // NOT OK
fs.readFileSync(path.split(unknown)[i]); // NOT OK -- but not yet flagged
fs.readFileSync(path.split(unknown).whatever); // OK -- but still flagged
fs.readFileSync(path.split(unknown)); // NOT OK
});
server.listen();