hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Messy test output updates

Browse Source 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
This commit is contained in:
Asger F
2024-06-27 11:59:56 +02:00
parent 90f0e07e49
commit c3806a2210
9 changed files with 2540 additions and 9398 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5324
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

File diff suppressed because it is too large Load Diff

2311
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
View File

File diff suppressed because it is too large Load Diff

2395
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
View File

File diff suppressed because it is too large Load Diff

148
javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected
View File

@@ -80,80 +80,80 @@ nodes
| exception-xss.js:180:26:180:30 | error | semmle.label | error |
| exception-xss.js:182:19:182:23 | error | semmle.label | error |
edges
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo |
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo |
| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x |
| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e |
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e |
| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" |
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e |
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] |
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e |
| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x |
| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo |
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e |
| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e |
| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e |
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e |
| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e |
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] |
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e |
| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e |
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e |
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e |
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e |
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e |
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error |
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e |
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] |
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e |
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted |
| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e |
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | provenance | |
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | provenance | |
| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | provenance | |
| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | provenance | Config |
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | provenance | |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | provenance | |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | provenance | |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | provenance | Config |
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | provenance | |
| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | provenance | |
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | provenance | Config |
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | provenance | |
| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e | provenance | Config |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] | provenance | |
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | provenance | |
| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | provenance | |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | provenance | |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | provenance | |
| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x | provenance | |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | provenance | |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | provenance | Config |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | provenance | |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | provenance | |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | provenance | |
| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | provenance | |
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | provenance | |
| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x | provenance | |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | provenance | |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | provenance | Config |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | provenance | |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | provenance | |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | provenance | |
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | provenance | |
| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | provenance | |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | provenance | Config |
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | provenance | |
| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e | provenance | Config |
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] | provenance | |
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | provenance | |
| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | provenance | Config |
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | provenance | |
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | provenance | Config |
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | provenance | |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | provenance | |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | provenance | |
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e | provenance | Config |
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | provenance | |
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | provenance | Config |
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | provenance | |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | provenance | |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | provenance | |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | provenance | |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | provenance | |
| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e | provenance | |
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | provenance | Config |
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | provenance | |
| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | provenance | Config |
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | provenance | |
| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | provenance | |
| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e | provenance | |
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | provenance | |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | provenance | |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | provenance | Config |
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | provenance | |
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | provenance | Config |
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | provenance | |
subpaths
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |

810
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
View File

@@ -1,484 +1,334 @@
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url |
| etherpad.js:9:5:9:53 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:11:12:11:19 | response |
| etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil |
| live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted |
| live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x |
| partial.js:10:14:10:14 | x |
| partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url |
| partial.js:13:42:13:48 | req.url |
| partial.js:18:25:18:25 | x |
| partial.js:19:14:19:14 | x |
| partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url |
| partial.js:22:51:22:57 | req.url |
| partial.js:27:25:27:25 | x |
| partial.js:28:14:28:14 | x |
| partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url |
| partial.js:31:47:31:53 | req.url |
| partial.js:36:25:36:25 | x |
| partial.js:37:14:37:14 | x |
| partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url |
| partial.js:40:43:40:49 | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:7:12:7:12 | p |
| tst2.js:7:12:7:12 | p |
| tst2.js:8:12:8:12 | r |
| tst2.js:8:12:8:12 | r |
| tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:30:7:30:24 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:33:11:33:11 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:49:36:49:36 | p |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:60:11:60:11 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:72:11:72:11 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:85:11:85:11 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:89:12:89:18 | other.p |
| tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:11:9:11:74 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:12:12:12:15 | code |
| tst3.js:12:12:12:15 | code |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | provenance | |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | provenance | |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | provenance | |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | provenance | |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | provenance | |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | provenance | |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | provenance | |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | provenance | |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | provenance | |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | provenance | |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | provenance | |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | provenance | |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | provenance | |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | provenance | |
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | provenance | |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | provenance | |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | provenance | |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | provenance | |
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | provenance | |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | provenance | |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | |
| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | |
| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | provenance | |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | provenance | |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | provenance | |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | provenance | |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | provenance | |
| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | provenance | |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | provenance | |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` | provenance | |
| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | provenance | |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | provenance | |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` | provenance | |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | provenance | |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | provenance | |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | provenance | |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | provenance | |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | provenance | |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | provenance | |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | provenance | |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | provenance | |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | provenance | |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | provenance | |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | provenance | |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | provenance | |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x | provenance | |
| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | provenance | |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | provenance | |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | provenance | |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | provenance | |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | provenance | |
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | provenance | |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | provenance | |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | provenance | |
| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | |
| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] | provenance | |
| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | provenance | |
| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | provenance | |
| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | provenance | |
| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] | provenance | |
| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p | provenance | |
| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | provenance | |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | provenance | |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | provenance | |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | provenance | |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | provenance | |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | provenance | |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | provenance | |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | provenance | |
| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | |
| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] | provenance | |
| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | provenance | |
| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | provenance | |
| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | provenance | |
| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] | provenance | |
| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p | provenance | |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | provenance | |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | provenance | |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | provenance | |
| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | |
| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] | provenance | |
| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | provenance | |
| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | provenance | |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | provenance | |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | provenance | |
| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] | provenance | |
| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p | provenance | |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | provenance | |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | provenance | |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | provenance | |
| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | |
| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] | provenance | |
| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | provenance | |
| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | provenance | |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | provenance | |
| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] | provenance | |
| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p | provenance | |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | provenance | |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | provenance | |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | provenance | |
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | provenance | |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | provenance | |
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id |
| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body |
| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) |
| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable |
| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:39:64:42 | file | semmle.label | file |
| ReflectedXss.js:65:16:65:19 | file | semmle.label | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:34:74:34 | f | semmle.label | f |
| ReflectedXss.js:75:14:75:14 | f | semmle.label | f |
| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body |
| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys | semmle.label | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | semmle.label | keys: queryKeys |
| ReflectedXss.js:116:11:116:45 | keys | semmle.label | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray |
| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys |
| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts |
| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts |
| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) |
| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts |
| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') |
| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url |
| etherpad.js:9:5:9:53 | response | semmle.label | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp |
| etherpad.js:11:12:11:19 | response | semmle.label | response |
| formatting.js:4:9:4:29 | evil | semmle.label | evil |
| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | semmle.label | evil |
| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) |
| formatting.js:7:49:7:52 | evil | semmle.label | evil |
| live-server.js:4:11:4:27 | tainted | semmle.label | tainted |
| live-server.js:4:21:4:27 | req.url | semmle.label | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | semmle.label | tainted |
| live-server.js:10:11:10:27 | tainted | semmle.label | tainted |
| live-server.js:10:21:10:27 | req.url | semmle.label | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | semmle.label | tainted |
| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url |
| partial.js:9:25:9:25 | x | semmle.label | x |
| partial.js:10:14:10:14 | x | semmle.label | x |
| partial.js:10:14:10:18 | x + y | semmle.label | x + y |
| partial.js:13:42:13:48 | req.url | semmle.label | req.url |
| partial.js:18:25:18:25 | x | semmle.label | x |
| partial.js:19:14:19:14 | x | semmle.label | x |
| partial.js:19:14:19:18 | x + y | semmle.label | x + y |
| partial.js:22:51:22:57 | req.url | semmle.label | req.url |
| partial.js:27:25:27:25 | x | semmle.label | x |
| partial.js:28:14:28:14 | x | semmle.label | x |
| partial.js:28:14:28:18 | x + y | semmle.label | x + y |
| partial.js:31:47:31:53 | req.url | semmle.label | req.url |
| partial.js:36:25:36:25 | x | semmle.label | x |
| partial.js:37:14:37:14 | x | semmle.label | x |
| partial.js:37:14:37:18 | x + y | semmle.label | x + y |
| partial.js:40:43:40:49 | req.url | semmle.label | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... .data)) [PromiseValue] |
| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | semmle.label | resolve [Return] [resolve-value] |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] |
| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data |
| promises.js:6:11:6:11 | x | semmle.label | x |
| promises.js:6:25:6:25 | x | semmle.label | x |
| tst2.js:6:7:6:30 | p | semmle.label | p |
| tst2.js:6:7:6:30 | r | semmle.label | r |
| tst2.js:6:9:6:9 | p | semmle.label | p |
| tst2.js:6:12:6:15 | q: r | semmle.label | q: r |
| tst2.js:7:12:7:12 | p | semmle.label | p |
| tst2.js:8:12:8:12 | r | semmle.label | r |
| tst2.js:14:7:14:24 | p | semmle.label | p |
| tst2.js:14:9:14:9 | p | semmle.label | p |
| tst2.js:18:12:18:12 | p | semmle.label | p |
| tst2.js:21:14:21:14 | p | semmle.label | p |
| tst2.js:30:7:30:24 | p | semmle.label | p |
| tst2.js:30:9:30:9 | p | semmle.label | p |
| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:33:11:33:11 | p | semmle.label | p |
| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] |
| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] |
| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] |
| tst2.js:36:12:36:12 | p | semmle.label | p |
| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] |
| tst2.js:37:12:37:18 | other.p | semmle.label | other.p |
| tst2.js:43:7:43:24 | p | semmle.label | p |
| tst2.js:43:9:43:9 | p | semmle.label | p |
| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... true}) |
| tst2.js:49:36:49:36 | p | semmle.label | p |
| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe |
| tst2.js:57:7:57:24 | p | semmle.label | p |
| tst2.js:57:9:57:9 | p | semmle.label | p |
| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:60:11:60:11 | p | semmle.label | p |
| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] |
| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] |
| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] |
| tst2.js:63:12:63:12 | p | semmle.label | p |
| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] |
| tst2.js:64:12:64:18 | other.p | semmle.label | other.p |
| tst2.js:69:7:69:24 | p | semmle.label | p |
| tst2.js:69:9:69:9 | p | semmle.label | p |
| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:72:11:72:11 | p | semmle.label | p |
| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... e(obj)) [p] |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] |
| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] |
| tst2.js:75:12:75:12 | p | semmle.label | p |
| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] |
| tst2.js:76:12:76:18 | other.p | semmle.label | other.p |
| tst2.js:82:7:82:24 | p | semmle.label | p |
| tst2.js:82:9:82:9 | p | semmle.label | p |
| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:85:11:85:11 | p | semmle.label | p |
| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] |
| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] |
| tst2.js:88:12:88:12 | p | semmle.label | p |
| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] |
| tst2.js:89:12:89:18 | other.p | semmle.label | other.p |
| tst3.js:5:7:5:24 | p | semmle.label | p |
| tst3.js:5:9:5:9 | p | semmle.label | p |
| tst3.js:6:12:6:12 | p | semmle.label | p |
| tst3.js:11:9:11:74 | code | semmle.label | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body |
| tst3.js:12:12:12:15 | code | semmle.label | code |
subpaths
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
#select
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |

82
javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected
View File

@@ -1,32 +1,43 @@
edges
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 |
| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] |
| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) |
| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] |
| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name |
| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | provenance | |
| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | provenance | |
| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:34:20:37 | file | provenance | |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | xss-through-filenames.js:20:13:20:18 | [post update] files3 | provenance | |
| xss-through-filenames.js:20:34:20:37 | file | xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | provenance | |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | provenance | |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | provenance | |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | provenance | |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | |
| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | provenance | |
| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | provenance | |
nodes
| xss-through-filenames.js:7:43:7:48 | files1 | semmle.label | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 | semmle.label | files1 |
@@ -38,6 +49,10 @@ nodes
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:45:19:48 | file | semmle.label | file |
| xss-through-filenames.js:20:13:20:18 | [post update] files3 | semmle.label | [post update] files3 |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | semmle.label | '<li>' ... '</li>' |
| xss-through-filenames.js:20:34:20:37 | file | semmle.label | file |
| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 |
| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 |
| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') |
@@ -45,6 +60,10 @@ nodes
| xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 | semmle.label | files1 |
| xss-through-filenames.js:30:9:30:14 | files1 | semmle.label | files1 |
| xss-through-filenames.js:30:34:30:37 | file | semmle.label | file |
| xss-through-filenames.js:31:13:31:18 | [post update] files2 | semmle.label | [post update] files2 |
| xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | semmle.label | [post update] files2 [ArrayElement] |
| xss-through-filenames.js:31:25:31:28 | file | semmle.label | file |
| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] |
@@ -57,6 +76,13 @@ nodes
| xss-through-torrent.js:6:13:6:24 | torrent.name | semmle.label | torrent.name |
| xss-through-torrent.js:7:11:7:14 | name | semmle.label | name |
subpaths
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) |
#select

81
javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected
View File

@@ -56,45 +56,48 @@ nodes
| typed.ts:6:43:6:43 | s | semmle.label | s |
| typed.ts:8:40:8:40 | s | semmle.label | s |
edges
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings |
| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name |
| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting |
| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] |
| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name |
| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults |
| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings |
| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val |
| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x |
| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x |
| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s |
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | provenance | |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | provenance | |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | provenance | Config |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | provenance | |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | provenance | |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | provenance | |
| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | provenance | |
| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | provenance | Config |
| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | provenance | Config |
| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | provenance | Config |
| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name | provenance | |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | provenance | |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | provenance | |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | provenance | |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | provenance | |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | provenance | |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | provenance | |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | provenance | |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | |
| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | provenance | |
| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | provenance | |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | Config |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | provenance | Config |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | provenance | |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | provenance | |
| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | provenance | |
| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | provenance | |
| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | provenance | |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | provenance | |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | provenance | |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | provenance | |
subpaths
#select
| jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | cross-site scripting |

704
javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
View File

@@ -280,358 +280,358 @@ nodes
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | semmle.label | req.params.id |
edges
| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id |
| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id |
| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` |
| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id |
| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id |
| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id |
| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id |
| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` |
| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` |
| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` |
| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id |
| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id |
| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id |
| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` |
| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` |
| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id |
| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id |
| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id |
| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` |
| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` |
| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id |
| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id |
| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id |
| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" |
| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` |
| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id |
| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id |
| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` |
| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 |
| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 |
| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 |
| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) |
| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 |
| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query |
| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query |
| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query |
| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) |
| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query |
| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query |
| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query |
| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query |
| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version |
| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version |
| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions |
| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions |
| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions |
| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` |
| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') |
| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` |
| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q |
| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q |
| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) |
| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username |
| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username |
| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username |
| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username |
| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username |
| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username |
| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username |
| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username |
| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 |
| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` |
| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` |
| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } |
| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter |
| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter |
| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) |
| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } |
| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` |
| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query |
| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query |
| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title |
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query |
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} |
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query |
| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query |
| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query |
| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title |
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query |
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} |
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query |
| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query |
| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query |
| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title |
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query |
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} |
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query |
| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query |
| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query |
| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title |
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title |
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) |
| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query |
| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query |
| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query |
| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query |
| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag |
| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag |
| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag |
| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } |
| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } |
| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query |
| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query |
| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query |
| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:133:38:133:42 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:134:30:134:34 | query |
| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query |
| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query |
| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query |
| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:134:30:134:34 | query |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query |
| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] |
| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query |
| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query |
| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query |
| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query |
| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query |
| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query |
| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query |
| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query |
| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query |
| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query |
| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query |
| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query |
| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query |
| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query |
| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query |
| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query |
| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query |
| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query |
| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query |
| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query |
| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query |
| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query |
| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query |
| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query |
| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query |
| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query |
| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query |
| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query |
| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query |
| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query |
| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id |
| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id |
| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id |
| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond |
| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond |
| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond |
| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } |
| mongoose.js:133:38:133:42 | query | mongoose.js:134:30:134:34 | query |
| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query |
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v |
| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v |
| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x |
| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) |
| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } |
| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id |
| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp |
| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp |
| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp |
| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp |
| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp |
| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint |
| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query |
| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query |
| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query |
| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query |
| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query |
| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query |
| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query |
| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query |
| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query |
| pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query |
| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query |
| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query |
| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query |
| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] |
| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] |
| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] |
| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key |
| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key |
| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key |
| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key |
| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key |
| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key |
| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key |
| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key |
| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key |
| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key |
| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key |
| redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key |
| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key |
| redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key |
| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key |
| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key |
| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key |
| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key |
| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key |
| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key |
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 |
| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | provenance | |
| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | provenance | |
| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | provenance | |
| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | provenance | |
| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | provenance | |
| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | provenance | |
| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | provenance | |
| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | provenance | |
| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | provenance | |
| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | provenance | |
| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | provenance | |
| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | provenance | |
| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | provenance | |
| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | provenance | |
| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | provenance | |
| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | provenance | |
| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | provenance | |
| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | provenance | |
| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | provenance | |
| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | provenance | |
| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | provenance | |
| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | provenance | |
| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | provenance | |
| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | provenance | |
| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | provenance | |
| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | provenance | |
| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | provenance | |
| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | provenance | |
| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | provenance | |
| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | provenance | |
| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | provenance | |
| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | provenance | Config |
| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | provenance | |
| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | provenance | |
| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | provenance | |
| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | provenance | |
| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | provenance | Config |
| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | provenance | |
| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | provenance | |
| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | provenance | |
| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | provenance | |
| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | provenance | Config |
| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | provenance | |
| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | provenance | |
| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | provenance | |
| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | provenance | |
| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | provenance | |
| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | provenance | |
| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | |
| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | provenance | |
| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | provenance | |
| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | provenance | |
| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | provenance | |
| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | provenance | |
| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username | provenance | |
| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | provenance | Config |
| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | |
| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | |
| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | provenance | Config |
| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | |
| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | |
| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | provenance | |
| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | provenance | |
| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | provenance | Config |
| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | |
| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | |
| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | provenance | Config |
| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | provenance | |
| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | provenance | |
| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | provenance | |
| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | provenance | Config |
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | provenance | Config |
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | provenance | Config |
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | provenance | Config |
| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | provenance | |
| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | provenance | |
| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | provenance | Config |
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | provenance | Config |
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | provenance | Config |
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | provenance | Config |
| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | provenance | |
| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | provenance | |
| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | provenance | Config |
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | provenance | Config |
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | provenance | Config |
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | provenance | Config |
| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | provenance | |
| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | provenance | |
| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | provenance | |
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | provenance | Config |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | provenance | Config |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | provenance | Config |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | provenance | Config |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | provenance | Config |
| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | provenance | |
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | provenance | Config |
| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | provenance | |
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | provenance | Config |
| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | provenance | Config |
| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | provenance | |
| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | provenance | |
| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | provenance | |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | provenance | Config |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | provenance | Config |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | provenance | Config |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | provenance | Config |
| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | provenance | |
| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | provenance | |
| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | provenance | |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | provenance | Config |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | provenance | Config |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | provenance | Config |
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | provenance | Config |
| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | provenance | |
| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | provenance | |
| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | provenance | |
| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | provenance | Config |
| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | provenance | Config |
| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | provenance | |
| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | provenance | |
| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | provenance | |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | provenance | Config |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | provenance | Config |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | provenance | Config |
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | provenance | Config |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | provenance | |
| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | provenance | |
| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | provenance | |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | provenance | Config |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | provenance | Config |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | provenance | Config |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | provenance | Config |
| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:133:38:133:42 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:134:30:134:34 | query | provenance | |
| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | provenance | |
| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | provenance | |
| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | provenance | |
| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:134:30:134:34 | query | provenance | Config |
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | provenance | Config |
| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | provenance | Config |
| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | provenance | |
| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | provenance | |
| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | provenance | |
| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | provenance | |
| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | provenance | |
| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | provenance | |
| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | provenance | |
| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | provenance | |
| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | provenance | |
| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | provenance | |
| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | provenance | |
| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | provenance | |
| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | provenance | |
| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | provenance | |
| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | provenance | |
| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | provenance | |
| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query | provenance | |
| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | provenance | |
| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | provenance | |
| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | provenance | |
| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | provenance | |
| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | provenance | |
| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | provenance | |
| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | provenance | |
| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | provenance | |
| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | provenance | |
| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | provenance | |
| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | provenance | |
| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | provenance | |
| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | provenance | |
| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | provenance | |
| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | provenance | |
| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | provenance | |
| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | provenance | |
| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | provenance | |
| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | provenance | Config |
| mongoose.js:133:38:133:42 | query | mongoose.js:134:30:134:34 | query | provenance | |
| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | provenance | |
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | provenance | |
| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | provenance | |
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | provenance | Config |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | provenance | Config |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | provenance | Config |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | provenance | Config |
| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | provenance | Config |
| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | provenance | |
| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | provenance | |
| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | provenance | Config |
| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | provenance | Config |
| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | provenance | Config |
| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | provenance | Config |
| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | provenance | Config |
| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | provenance | |
| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | provenance | |
| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | provenance | |
| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | provenance | |
| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | provenance | |
| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | provenance | |
| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | provenance | |
| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | provenance | |
| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query | provenance | |
| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query | provenance | |
| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query | provenance | |
| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query | provenance | |
| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query | provenance | |
| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query | provenance | |
| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query | provenance | |
| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query | provenance | |
| pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query | provenance | |
| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query | provenance | |
| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query | provenance | |
| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query | provenance | |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query | provenance | |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | provenance | |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | provenance | |
| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | provenance | Config |
| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | provenance | |
| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | provenance | |
| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | provenance | |
| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | provenance | |
| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key | provenance | |
| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | provenance | |
| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | provenance | Config |
| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | provenance | |
| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key | provenance | |
| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key | provenance | |
| redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key | provenance | |
| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key | provenance | |
| redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key | provenance | |
| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key | provenance | |
| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | provenance | |
| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | provenance | |
| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | provenance | |
| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | provenance | Config |
| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | provenance | |
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | provenance | |
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | provenance | |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | provenance | |
| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | provenance | |
| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | provenance | |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | provenance | |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | provenance | |
subpaths
#select
| graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value |

83
javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected
View File

@@ -1,32 +1,45 @@
edges
| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} |
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] |
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) |
| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw |
| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw |
| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env |
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env |
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:17:12:19:9 | [post update] {\\n ... } |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) |
| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } |
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) |
| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} |
| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} |
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] |
| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] |
| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified |
| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw |
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw |
| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] |
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) |
| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | |
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | provenance | |
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | |
| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | |
| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | |
| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | |
| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | |
| build-leaks.js:14:18:14:20 | env [Return] | build-leaks.js:17:12:19:9 | [post update] {\\n ... } | provenance | |
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env | provenance | |
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env [Return] | provenance | |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | provenance | Config |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | provenance | |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:22:49:22:51 | env | provenance | |
| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } | provenance | |
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | |
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | provenance | |
| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | provenance | |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | provenance | |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | provenance | |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | provenance | Config |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | provenance | |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} | provenance | |
| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | |
| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | |
| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env | provenance | |
| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env [Return] | provenance | |
| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:13:23:15 | [post update] env | provenance | Config |
| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} | provenance | |
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | |
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | provenance | |
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | provenance | |
| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | provenance | |
| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | provenance | |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | provenance | |
| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | provenance | |
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | provenance | |
| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | provenance | |
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | |
nodes
| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | semmle.label | [post update] { // NO ... .env)\\n} [process.env] |
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} |
@@ -35,15 +48,25 @@ nodes
| build-leaks.js:13:11:19:10 | raw | semmle.label | raw |
| build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... }) |
| build-leaks.js:14:18:14:20 | env | semmle.label | env |
| build-leaks.js:14:18:14:20 | env | semmle.label | env |
| build-leaks.js:14:18:14:20 | env [Return] | semmle.label | env [Return] |
| build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env |
| build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env |
| build-leaks.js:16:20:16:22 | env | semmle.label | env |
| build-leaks.js:16:20:16:22 | env | semmle.label | env |
| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | semmle.label | [post update] {\\n ... } |
| build-leaks.js:17:12:19:9 | {\\n ... } | semmle.label | {\\n ... } |
| build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... }, {}) |
| build-leaks.js:22:36:22:38 | raw | semmle.label | raw |
| build-leaks.js:22:49:22:51 | env | semmle.label | env |
| build-leaks.js:22:49:22:51 | env | semmle.label | env |
| build-leaks.js:22:49:22:51 | env [Return] | semmle.label | env [Return] |
| build-leaks.js:23:13:23:15 | [post update] env | semmle.label | [post update] env |
| build-leaks.js:23:39:23:41 | raw | semmle.label | raw |
| build-leaks.js:24:20:24:22 | env | semmle.label | env |
| build-leaks.js:24:20:24:22 | env | semmle.label | env |
| build-leaks.js:25:12:25:13 | [post update] {} | semmle.label | [post update] {} |
| build-leaks.js:25:12:25:13 | {} | semmle.label | {} |
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] |
@@ -58,6 +81,10 @@ nodes
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) |
| build-leaks.js:41:82:41:83 | pw | semmle.label | pw |
subpaths
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env [Return] | build-leaks.js:25:12:25:13 | [post update] {} |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
#select
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |