hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into js/shared-dataflow

Browse Source
This commit is contained in:
Asger F
2024-05-02 19:43:34 +02:00
parent 711a08b0d4 f7113e0105
commit c408ab9e6a
3600 changed files with 156789 additions and 319781 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/test/ApiGraphs/classes/classes.js
View File

@@ -25,3 +25,24 @@ MyOtherStream.prototype.instanceProp = 1; /* def=moduleImport("classes").getMemb
MyOtherStream.classProp = 1; /* def=moduleImport("classes").getMember("exports").getMember("MyOtherStream").getMember("classProp") */
module.exports.MyOtherStream = MyOtherStream;
// function-style class without .prototype reference
function MyThirdStream() { /* use=moduleImport("classes").getMember("exports").getMember("MyThirdStream").getInstance() */
}
let instance = new MyThirdStream(); /* use=moduleImport("classes").getMember("exports").getMember("MyThirdStream").getInstance() */
module.exports.MyThirdStream = MyThirdStream;
// function-style class without .prototype reference (through global variable)
(function(f) {
foo.bar = function() { /* use=moduleImport("classes").getMember("exports").getMember("bar").getInstance() */
}
})(foo = foo || {});
(function(f) {
let x = new f.bar(); /* use=moduleImport("classes").getMember("exports").getMember("bar").getInstance() */
})(foo = foo || {});
module.exports.bar = foo.bar;

0
javascript/ql/test/ApiGraphs/custom-use-steps/VerifyAssertions.expected Normal file
View File

13
javascript/ql/test/ApiGraphs/custom-use-steps/VerifyAssertions.ql Normal file
View File

@@ -0,0 +1,13 @@
import ApiGraphs.VerifyAssertions
private import semmle.javascript.dataflow.internal.PreCallGraphStep
class CustomUseStep extends PreCallGraphStep {
override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
exists(DataFlow::CallNode call |
call.getCalleeName() = "customLoad" and
pred = call.getArgument(0) and
succ = call and
prop = call.getArgument(1).getStringValue()
)
}
}

4
javascript/ql/test/ApiGraphs/custom-use-steps/index.js Normal file
View File

@@ -0,0 +1,4 @@
const foo = require("foo");
foo.bar; // use=moduleImport("foo").getMember("exports").getMember("bar")
customLoad(foo, "baz") // use=moduleImport("foo").getMember("exports").getMember("baz")

3
javascript/ql/test/ApiGraphs/custom-use-steps/package.json Normal file
View File

@@ -0,0 +1,3 @@
{
"name": "custom-use-steps"
}

3
javascript/ql/test/ApiGraphs/reexport/index.js
View File

@@ -4,5 +4,6 @@ module.exports = {
impl,
util: require("./lib/utils"),
other: require("./lib/stuff"),
util2: require("./lib/utils2")
util2: require("./lib/utils2"),
esmodule: require("./lib/esmodule-reexport"),
};

2
javascript/ql/test/ApiGraphs/reexport/lib/esmodule-reexport.js Normal file
View File

@@ -0,0 +1,2 @@
export * from "./esmodule-reexported1";
export * as lib2 from "./esmodule-reexported2";

1
javascript/ql/test/ApiGraphs/reexport/lib/esmodule-reexported1.js Normal file
View File

@@ -0,0 +1 @@
export function one() {} /* def=moduleImport("reexport").getMember("exports").getMember("esmodule").getMember("one") */

1
javascript/ql/test/ApiGraphs/reexport/lib/esmodule-reexported2.js Normal file
View File

@@ -0,0 +1 @@
export function two() {} /* def=moduleImport("reexport").getMember("exports").getMember("esmodule").getMember("lib2").getMember("two") */

19
javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/implied-receiver.js Normal file
View File

@@ -0,0 +1,19 @@
import 'dummy';
function fooFactoryFactory() {
return function fooFactory() {
return function foo() {
/** calls:F.member */
this.member();
}
}
}
function F() {
this.foo = fooFactoryFactory()();
}
/** name:F.member */
F.prototype.member = function() {
return 42;
};

2
javascript/ql/test/library-tests/Directives/KnownDirective.ql
View File

@@ -1,4 +1,4 @@
import javascript
from KnownDirective d
from Directive::KnownDirective d
select d, d.getDirectiveText()

67
javascript/ql/test/library-tests/ModelGeneration/ModelGeneration.expected Normal file
View File

@@ -0,0 +1,67 @@
typeModel
| (aliases).Alias1 | (aliases) | Member[Alias1] |
| (aliases).Alias1 | (aliases) | Member[Alias2] |
| (aliases).Alias1 | (aliases) | Member[Alias3].Member[x] |
| (aliases).Alias1 | (aliases) | Member[Alias4].Member[x].Member[x] |
| (aliases).Alias1 | (aliases) | Member[AliasedClass] |
| (aliases).Alias1.prototype | (aliases).Alias1 | Instance |
| (aliases).Alias1.prototype | (aliases).Alias1.prototype.foo | ReturnValue |
| (aliases).Alias1.prototype.foo | (aliases).Alias1.prototype | Member[foo] |
| (long-access-path).a.shortcut.d | (long-access-path) | Member[a].Member[b].Member[c].Member[d] |
| (long-access-path).a.shortcut.d | (long-access-path) | Member[a].Member[shortcut].Member[d] |
| (long-access-path).a.shortcut.d.e | (long-access-path).a.shortcut.d | Member[e] |
| (reexport).func | (reexport) | Member[func] |
| (return-this).FluentInterface | (return-this) | Member[FluentInterface] |
| (return-this).FluentInterface.prototype | (return-this).FluentInterface | Instance |
| (return-this).FluentInterface.prototype | (return-this).FluentInterface.prototype.bar | ReturnValue |
| (return-this).FluentInterface.prototype | (return-this).FluentInterface.prototype.baz | ReturnValue |
| (return-this).FluentInterface.prototype | (return-this).FluentInterface.prototype.foo | ReturnValue |
| (return-this).FluentInterface.prototype.bar | (return-this).FluentInterface.prototype | Member[bar] |
| (return-this).FluentInterface.prototype.baz | (return-this).FluentInterface.prototype | Member[baz] |
| (return-this).FluentInterface.prototype.foo | (return-this).FluentInterface.prototype | Member[foo] |
| (return-this).FluentInterface.prototype.notFluent | (return-this).FluentInterface.prototype | Member[notFluent] |
| (return-this).FluentInterface.prototype.notFluent2 | (return-this).FluentInterface.prototype | Member[notFluent2] |
| (root-function).PublicClass | (root-function) | Member[PublicClass] |
| (root-function).PublicClass.prototype | (root-function) | ReturnValue |
| (root-function).PublicClass.prototype | (root-function).PublicClass | Instance |
| (root-function).PublicClass.prototype.method | (root-function).PublicClass.prototype | Member[method] |
| (semi-internal-class).PublicClass | (semi-internal-class) | Member[PublicClass] |
| (semi-internal-class).PublicClass.prototype | (semi-internal-class).PublicClass | Instance |
| (semi-internal-class).PublicClass.prototype | (semi-internal-class).SemiInternalClass.prototype.method | ReturnValue |
| (semi-internal-class).PublicClass.prototype | (semi-internal-class).getAnonymous~expr2 | ReturnValue |
| (semi-internal-class).PublicClass.prototype.publicMethod | (semi-internal-class).PublicClass.prototype | Member[publicMethod] |
| (semi-internal-class).SemiInternalClass.prototype | (semi-internal-class).get | ReturnValue |
| (semi-internal-class).SemiInternalClass.prototype.method | (semi-internal-class).SemiInternalClass.prototype | Member[method] |
| (semi-internal-class).get | (semi-internal-class) | Member[get] |
| (semi-internal-class).getAnonymous | (semi-internal-class) | Member[getAnonymous] |
| (semi-internal-class).getAnonymous~expr1 | (semi-internal-class).getAnonymous | ReturnValue |
| (semi-internal-class).getAnonymous~expr2 | (semi-internal-class).getAnonymous~expr1 | Member[method] |
| (subclass).A | (subclass) | Member[A] |
| (subclass).A.prototype | (subclass).A | Instance |
| (subclass).A.prototype | (subclass).B.prototype | |
| (subclass).A.prototype | (subclass).ExposedMidSubClass.prototype~expr1 | |
| (subclass).A.prototype.a | (subclass).A.prototype | Member[a] |
| (subclass).B | (subclass) | Member[B] |
| (subclass).B.prototype | (subclass).B | Instance |
| (subclass).B.prototype | (subclass).C.prototype | |
| (subclass).B.prototype.b | (subclass).B.prototype | Member[b] |
| (subclass).C | (subclass) | Member[C] |
| (subclass).C.prototype | (subclass).C | Instance |
| (subclass).C.prototype.c | (subclass).C.prototype | Member[c] |
| (subclass).D | (subclass) | Member[D] |
| (subclass).D.prototype | (subclass).D | Instance |
| (subclass).D.prototype.d | (subclass).D.prototype | Member[d] |
| (subclass).ExposedMidSubClass | (subclass) | Member[ExposedMidSubClass] |
| (subclass).ExposedMidSubClass.prototype | (subclass).ExposedMidSubClass | Instance |
| (subclass).ExposedMidSubClass.prototype.m | (subclass).ExposedMidSubClass.prototype | Member[m] |
| (subclass).ExposedMidSubClass.prototype~expr1 | (subclass).ExposedMidSubClass.prototype | |
| upstream-lib | (reexport) | Member[lib] |
| upstream-lib | (reexport).func | ReturnValue |
| upstream-lib.Type | (subclass).D.prototype | |
| upstream-lib.XYZ | (reexport) | Member[x].Member[y].Member[z] |
| upstream-lib.XYZ | (reexport) | Member[xy].Member[z] |
summaryModel
| (aliases).Alias1.prototype | | | Member[foo].ReturnValue | type |
| (return-this).FluentInterface.prototype | | | Member[bar].ReturnValue | type |
| (return-this).FluentInterface.prototype | | | Member[baz].ReturnValue | type |
| (return-this).FluentInterface.prototype | | | Member[foo].ReturnValue | type |

7
javascript/ql/test/library-tests/ModelGeneration/ModelGeneration.ext.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["upstream-lib.XYZ", "upstream-lib", "Member[x].Member[y].Member[z]"]
- ["upstream-lib.Type", "upstream-lib", "Member[Type].Instance"]

19
javascript/ql/test/library-tests/ModelGeneration/ModelGeneration.ql Normal file
View File

@@ -0,0 +1,19 @@
private import javascript
private import semmle.javascript.endpoints.EndpointNaming as EndpointNaming
private import semmle.javascript.frameworks.data.internal.ApiGraphModels as Shared
module ModelExportConfig implements ModelExportSig {
predicate shouldContain(API::Node node) {
node.getAValueReachingSink() instanceof DataFlow::FunctionNode
}
predicate mustBeNamed(API::Node node) { shouldContain(node) }
predicate shouldContainType(string type) { Shared::isRelevantType(type) }
}
module Exported = ModelExport<ModelExportConfig>;
query predicate typeModel = Exported::typeModel/3;
query predicate summaryModel = Exported::summaryModel/5;

9
javascript/ql/test/library-tests/ModelGeneration/aliases/aliases.js Normal file
View File

@@ -0,0 +1,9 @@
export class AliasedClass {
foo() { return this; }
}
export const Alias1 = AliasedClass;
export const Alias2 = AliasedClass;
export const Alias3 = { x: AliasedClass };
export const Alias4 = { x: Alias3 };

4
javascript/ql/test/library-tests/ModelGeneration/aliases/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "aliases",
"main": "aliases.js"
}

11
javascript/ql/test/library-tests/ModelGeneration/long-access-path/long-access-path.js Normal file
View File

@@ -0,0 +1,11 @@
export const a = {
b: {
c: {
d: {
e: function() {}
}
}
}
};
a.shortcut = a.b.c;

4
javascript/ql/test/library-tests/ModelGeneration/long-access-path/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "long-access-path",
"main": "long-access-path.js"
}

4
javascript/ql/test/library-tests/ModelGeneration/reexport/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "reexport",
"main": "reexport.js"
}

10
javascript/ql/test/library-tests/ModelGeneration/reexport/reexport.js Normal file
View File

@@ -0,0 +1,10 @@
import * as lib from "upstream-lib";
export { lib };
export const x = lib.x;
export const xy = lib.x.y;
export function func() {
return lib;
}

4
javascript/ql/test/library-tests/ModelGeneration/return-this/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "return-this",
"main": "return-this.js"
}

17
javascript/ql/test/library-tests/ModelGeneration/return-this/return-this.js Normal file
View File

@@ -0,0 +1,17 @@
export class FluentInterface {
foo() {
return this;
}
bar() {
return this.foo();
}
baz() {
return this.foo().bar().bar().foo();
}
notFluent() {
this.foo();
}
notFluent2() {
return this.notFluent2();
}
}

4
javascript/ql/test/library-tests/ModelGeneration/root-function/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "root-function",
"main": "root-function.js"
}

9
javascript/ql/test/library-tests/ModelGeneration/root-function/root-function.js Normal file
View File

@@ -0,0 +1,9 @@
class C {
method() {}
}
module.exports = function() {
return new C();
}
module.exports.PublicClass = C;

4
javascript/ql/test/library-tests/ModelGeneration/semi-internal-class/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "semi-internal-class",
"main": "semi-internal-class.js"
}

21
javascript/ql/test/library-tests/ModelGeneration/semi-internal-class/semi-internal-class.js Normal file
View File

@@ -0,0 +1,21 @@
export class PublicClass {
publicMethod() {}
}
class SemiInternalClass {
method() {
return new PublicClass();
}
}
export function get() {
return new SemiInternalClass();
}
export function getAnonymous() {
return new (class {
method() {
return new PublicClass();
}
});
}

4
javascript/ql/test/library-tests/ModelGeneration/subclass/package.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "subclass",
"main": "subclass.js"
}

24
javascript/ql/test/library-tests/ModelGeneration/subclass/subclass.js Normal file
View File

@@ -0,0 +1,24 @@
export class A {
a() {}
}
export class B extends A {
b() {}
}
export class C extends B {
c() {}
}
import * as upstream from "upstream-lib";
export class D extends upstream.Type {
d() {}
}
// Test case where subclass chain goes through an internal class
class InternalMidClass extends A {}
export class ExposedMidSubClass extends InternalMidClass {
m() {}
}

2
javascript/ql/test/library-tests/Modules/tests.expected
View File

@@ -81,6 +81,7 @@ test_Module_exports
| export-in-mjs.mjs:1:1:1:34 | <toplevel> | exported_from_mjs | export-in-mjs.mjs:1:32:1:33 | 42 |
| f.ts:1:1:6:0 | <toplevel> | foo | f.ts:5:8:5:24 | function foo() {} |
| m/c.js:1:1:6:0 | <toplevel> | h | b.js:5:10:5:10 | f |
| reExportNamespace.js:1:1:2:0 | <toplevel> | ns | reExportNamespace.js:1:8:1:14 | * as ns |
| tst.html:4:23:8:0 | <toplevel> | y | tst.html:7:20:7:21 | 42 |
test_NamedImportSpecifier
| d.js:1:10:1:21 | default as g |
@@ -149,4 +150,5 @@ test_getSourceNode
| export-in-mjs.mjs:1:1:1:34 | export ... s = 42; | exported_from_mjs | export-in-mjs.mjs:1:32:1:33 | 42 |
| f.ts:5:1:5:24 | export ... oo() {} | foo | f.ts:5:8:5:24 | function foo() {} |
| m/c.js:5:1:5:30 | export ... '../b'; | h | b.js:5:10:5:10 | f |
| reExportNamespace.js:1:1:1:26 | export ... "./a"; | ns | reExportNamespace.js:1:8:1:14 | * as ns |
| tst.html:7:3:7:22 | export const y = 42; | y | tst.html:7:20:7:21 | 42 |

238
javascript/ql/test/library-tests/TypeScript/Types/printAst.expected
View File

@@ -124,6 +124,8 @@ nodes
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
@@ -167,6 +169,9 @@ nodes
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (TypeParameters) | semmle.label | (TypeParameters) |
| file://:0:0:0:0 | (TypeParameters) | semmle.label | (TypeParameters) |
| file://:0:0:0:0 | (TypeParameters) | semmle.label | (TypeParameters) |
| file://:0:0:0:0 | (TypeParameters) | semmle.label | (TypeParameters) |
@@ -1757,8 +1762,63 @@ nodes
| tst.ts:483:46:483:50 | [LocalTypeAccess] Pair3 | semmle.label | [LocalTypeAccess] Pair3 |
| tst.ts:483:46:483:58 | [GenericTypeExpr] Pair3<string> | semmle.label | [GenericTypeExpr] Pair3<string> |
| tst.ts:483:52:483:57 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | semmle.label | [NamespaceDeclaration] module ... }); } |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | semmle.order | 90 |
| tst.ts:486:8:486:11 | [VarDecl] TS54 | semmle.label | [VarDecl] TS54 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | semmle.label | [FunctionDeclStmt] functio ... 0]; } |
| tst.ts:487:12:487:28 | [VarDecl] createStreetLight | semmle.label | [VarDecl] createStreetLight |
| tst.ts:487:30:487:30 | [Identifier] C | semmle.label | [Identifier] C |
| tst.ts:487:30:487:45 | [TypeParameter] C extends string | semmle.label | [TypeParameter] C extends string |
| tst.ts:487:40:487:45 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
| tst.ts:487:48:487:53 | [SimpleParameter] colors | semmle.label | [SimpleParameter] colors |
| tst.ts:487:56:487:56 | [LocalTypeAccess] C | semmle.label | [LocalTypeAccess] C |
| tst.ts:487:56:487:58 | [ArrayTypeExpr] C[] | semmle.label | [ArrayTypeExpr] C[] |
| tst.ts:487:61:487:72 | [SimpleParameter] defaultColor | semmle.label | [SimpleParameter] defaultColor |
| tst.ts:487:76:487:82 | [LocalTypeAccess] NoInfer | semmle.label | [LocalTypeAccess] NoInfer |
| tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | semmle.label | [GenericTypeExpr] NoInfer<C> |
| tst.ts:487:84:487:84 | [LocalTypeAccess] C | semmle.label | [LocalTypeAccess] C |
| tst.ts:487:88:489:3 | [BlockStmt] { r ... 0]; } | semmle.label | [BlockStmt] { r ... 0]; } |
| tst.ts:488:5:488:21 | [ReturnStmt] return colors[0]; | semmle.label | [ReturnStmt] return colors[0]; |
| tst.ts:488:12:488:17 | [VarRef] colors | semmle.label | [VarRef] colors |
| tst.ts:488:12:488:20 | [IndexExpr] colors[0] | semmle.label | [IndexExpr] colors[0] |
| tst.ts:488:19:488:19 | [Literal] 0 | semmle.label | [Literal] 0 |
| tst.ts:491:3:491:19 | [VarRef] createStreetLight | semmle.label | [VarRef] createStreetLight |
| tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | semmle.label | [CallExpr] createS ... ellow") |
| tst.ts:491:3:491:58 | [ExprStmt] createS ... llow"); | semmle.label | [ExprStmt] createS ... llow"); |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | semmle.label | [ArrayExpr] ["red", ... green"] |
| tst.ts:491:22:491:26 | [Literal] "red" | semmle.label | [Literal] "red" |
| tst.ts:491:29:491:36 | [Literal] "yellow" | semmle.label | [Literal] "yellow" |
| tst.ts:491:39:491:45 | [Literal] "green" | semmle.label | [Literal] "green" |
| tst.ts:491:49:491:56 | [Literal] "yellow" | semmle.label | [Literal] "yellow" |
| tst.ts:493:3:495:5 | [DeclStmt] const myObj = ... | semmle.label | [DeclStmt] const myObj = ... |
| tst.ts:493:9:493:13 | [VarDecl] myObj | semmle.label | [VarDecl] myObj |
| tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | semmle.label | [VariableDeclarator] myObj = ... "; }) |
| tst.ts:493:17:493:22 | [VarRef] Object | semmle.label | [VarRef] Object |
| tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | semmle.label | [DotExpr] Object.groupBy |
| tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | semmle.label | [MethodCallExpr] Object. ... "; }) |
| tst.ts:493:24:493:30 | [Label] groupBy | semmle.label | [Label] groupBy |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | semmle.label | [ArrayExpr] [0, 1, 2, 3, 4, 5] |
| tst.ts:493:33:493:33 | [Literal] 0 | semmle.label | [Literal] 0 |
| tst.ts:493:36:493:36 | [Literal] 1 | semmle.label | [Literal] 1 |
| tst.ts:493:39:493:39 | [Literal] 2 | semmle.label | [Literal] 2 |
| tst.ts:493:42:493:42 | [Literal] 3 | semmle.label | [Literal] 3 |
| tst.ts:493:45:493:45 | [Literal] 4 | semmle.label | [Literal] 4 |
| tst.ts:493:48:493:48 | [Literal] 5 | semmle.label | [Literal] 5 |
| tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | semmle.label | [ArrowFunctionExpr] (num, i ... d"; } |
| tst.ts:493:53:493:55 | [SimpleParameter] num | semmle.label | [SimpleParameter] num |
| tst.ts:493:58:493:62 | [SimpleParameter] index | semmle.label | [SimpleParameter] index |
| tst.ts:493:68:495:3 | [BlockStmt] { r ... d"; } | semmle.label | [BlockStmt] { r ... d"; } |
| tst.ts:494:5:494:41 | [ReturnStmt] return ... "odd"; | semmle.label | [ReturnStmt] return ... "odd"; |
| tst.ts:494:12:494:14 | [VarRef] num | semmle.label | [VarRef] num |
| tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | semmle.label | [BinaryExpr] num % 2 |
| tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | semmle.label | [BinaryExpr] num % 2 === 0 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | semmle.label | [ConditionalExpr] num % 2 ... : "odd" |
| tst.ts:494:18:494:18 | [Literal] 2 | semmle.label | [Literal] 2 |
| tst.ts:494:24:494:24 | [Literal] 0 | semmle.label | [Literal] 0 |
| tst.ts:494:28:494:33 | [Literal] "even" | semmle.label | [Literal] "even" |
| tst.ts:494:36:494:40 | [Literal] "odd" | semmle.label | [Literal] "odd" |
| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.label | [ExportDeclaration] export ... 'b'; } |
| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 90 |
| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 91 |
| tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.label | [FunctionDeclStmt] functio ... 'b'; } |
| tstModuleCJS.cts:1:17:1:28 | [VarDecl] tstModuleCJS | semmle.label | [VarDecl] tstModuleCJS |
| tstModuleCJS.cts:1:33:1:35 | [LiteralTypeExpr] 'a' | semmle.label | [LiteralTypeExpr] 'a' |
@@ -1776,7 +1836,7 @@ nodes
| tstModuleCJS.cts:2:34:2:36 | [Literal] 'a' | semmle.label | [Literal] 'a' |
| tstModuleCJS.cts:2:40:2:42 | [Literal] 'b' | semmle.label | [Literal] 'b' |
| tstModuleES.mts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.label | [ExportDeclaration] export ... 'b'; } |
| tstModuleES.mts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 91 |
| tstModuleES.mts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 92 |
| tstModuleES.mts:1:16:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.label | [FunctionDeclStmt] functio ... 'b'; } |
| tstModuleES.mts:1:25:1:35 | [VarDecl] tstModuleES | semmle.label | [VarDecl] tstModuleES |
| tstModuleES.mts:1:40:1:42 | [LiteralTypeExpr] 'a' | semmle.label | [LiteralTypeExpr] 'a' |
@@ -1794,7 +1854,7 @@ nodes
| tstModuleES.mts:2:34:2:36 | [Literal] 'a' | semmle.label | [Literal] 'a' |
| tstModuleES.mts:2:40:2:42 | [Literal] 'b' | semmle.label | [Literal] 'b' |
| tstSuffixA.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.label | [ExportDeclaration] export ... .ts'; } |
| tstSuffixA.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 92 |
| tstSuffixA.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 93 |
| tstSuffixA.ts:1:8:3:1 | [FunctionDeclStmt] functio ... .ts'; } | semmle.label | [FunctionDeclStmt] functio ... .ts'; } |
| tstSuffixA.ts:1:17:1:28 | [VarDecl] resolvedFile | semmle.label | [VarDecl] resolvedFile |
| tstSuffixA.ts:1:33:1:47 | [LiteralTypeExpr] 'tstSuffixA.ts' | semmle.label | [LiteralTypeExpr] 'tstSuffixA.ts' |
@@ -1802,7 +1862,7 @@ nodes
| tstSuffixA.ts:2:5:2:27 | [ReturnStmt] return ... xA.ts'; | semmle.label | [ReturnStmt] return ... xA.ts'; |
| tstSuffixA.ts:2:12:2:26 | [Literal] 'tstSuffixA.ts' | semmle.label | [Literal] 'tstSuffixA.ts' |
| tstSuffixB.ios.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.label | [ExportDeclaration] export ... .ts'; } |
| tstSuffixB.ios.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 93 |
| tstSuffixB.ios.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 94 |
| tstSuffixB.ios.ts:1:8:3:1 | [FunctionDeclStmt] functio ... .ts'; } | semmle.label | [FunctionDeclStmt] functio ... .ts'; } |
| tstSuffixB.ios.ts:1:17:1:28 | [VarDecl] resolvedFile | semmle.label | [VarDecl] resolvedFile |
| tstSuffixB.ios.ts:1:33:1:51 | [LiteralTypeExpr] 'tstSuffixB.ios.ts' | semmle.label | [LiteralTypeExpr] 'tstSuffixB.ios.ts' |
@@ -1810,7 +1870,7 @@ nodes
| tstSuffixB.ios.ts:2:5:2:31 | [ReturnStmt] return ... os.ts'; | semmle.label | [ReturnStmt] return ... os.ts'; |
| tstSuffixB.ios.ts:2:12:2:30 | [Literal] 'tstSuffixB.ios.ts' | semmle.label | [Literal] 'tstSuffixB.ios.ts' |
| tstSuffixB.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.label | [ExportDeclaration] export ... .ts'; } |
| tstSuffixB.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 94 |
| tstSuffixB.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 95 |
| tstSuffixB.ts:1:8:3:1 | [FunctionDeclStmt] functio ... .ts'; } | semmle.label | [FunctionDeclStmt] functio ... .ts'; } |
| tstSuffixB.ts:1:17:1:28 | [VarDecl] resolvedFile | semmle.label | [VarDecl] resolvedFile |
| tstSuffixB.ts:1:33:1:47 | [LiteralTypeExpr] 'tstSuffixB.ts' | semmle.label | [LiteralTypeExpr] 'tstSuffixB.ts' |
@@ -1818,16 +1878,16 @@ nodes
| tstSuffixB.ts:2:5:2:27 | [ReturnStmt] return ... xB.ts'; | semmle.label | [ReturnStmt] return ... xB.ts'; |
| tstSuffixB.ts:2:12:2:26 | [Literal] 'tstSuffixB.ts' | semmle.label | [Literal] 'tstSuffixB.ts' |
| type_alias.ts:1:1:1:17 | [TypeAliasDeclaration,TypeDefinition] type B = boolean; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type B = boolean; |
| type_alias.ts:1:1:1:17 | [TypeAliasDeclaration,TypeDefinition] type B = boolean; | semmle.order | 95 |
| type_alias.ts:1:1:1:17 | [TypeAliasDeclaration,TypeDefinition] type B = boolean; | semmle.order | 96 |
| type_alias.ts:1:6:1:6 | [Identifier] B | semmle.label | [Identifier] B |
| type_alias.ts:1:10:1:16 | [KeywordTypeExpr] boolean | semmle.label | [KeywordTypeExpr] boolean |
| type_alias.ts:3:1:3:9 | [DeclStmt] var b = ... | semmle.label | [DeclStmt] var b = ... |
| type_alias.ts:3:1:3:9 | [DeclStmt] var b = ... | semmle.order | 96 |
| type_alias.ts:3:1:3:9 | [DeclStmt] var b = ... | semmle.order | 97 |
| type_alias.ts:3:5:3:5 | [VarDecl] b | semmle.label | [VarDecl] b |
| type_alias.ts:3:5:3:8 | [VariableDeclarator] b: B | semmle.label | [VariableDeclarator] b: B |
| type_alias.ts:3:8:3:8 | [LocalTypeAccess] B | semmle.label | [LocalTypeAccess] B |
| type_alias.ts:5:1:5:50 | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; |
| type_alias.ts:5:1:5:50 | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; | semmle.order | 97 |
| type_alias.ts:5:1:5:50 | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; | semmle.order | 98 |
| type_alias.ts:5:6:5:17 | [Identifier] ValueOrArray | semmle.label | [Identifier] ValueOrArray |
| type_alias.ts:5:19:5:19 | [Identifier] T | semmle.label | [Identifier] T |
| type_alias.ts:5:19:5:19 | [TypeParameter] T | semmle.label | [TypeParameter] T |
@@ -1839,14 +1899,14 @@ nodes
| type_alias.ts:5:34:5:48 | [GenericTypeExpr] ValueOrArray<T> | semmle.label | [GenericTypeExpr] ValueOrArray<T> |
| type_alias.ts:5:47:5:47 | [LocalTypeAccess] T | semmle.label | [LocalTypeAccess] T |
| type_alias.ts:7:1:7:28 | [DeclStmt] var c = ... | semmle.label | [DeclStmt] var c = ... |
| type_alias.ts:7:1:7:28 | [DeclStmt] var c = ... | semmle.order | 98 |
| type_alias.ts:7:1:7:28 | [DeclStmt] var c = ... | semmle.order | 99 |
| type_alias.ts:7:5:7:5 | [VarDecl] c | semmle.label | [VarDecl] c |
| type_alias.ts:7:5:7:27 | [VariableDeclarator] c: Valu ... number> | semmle.label | [VariableDeclarator] c: Valu ... number> |
| type_alias.ts:7:8:7:19 | [LocalTypeAccess] ValueOrArray | semmle.label | [LocalTypeAccess] ValueOrArray |
| type_alias.ts:7:8:7:27 | [GenericTypeExpr] ValueOrArray<number> | semmle.label | [GenericTypeExpr] ValueOrArray<number> |
| type_alias.ts:7:21:7:26 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
| type_alias.ts:9:1:15:13 | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; |
| type_alias.ts:9:1:15:13 | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; | semmle.order | 99 |
| type_alias.ts:9:1:15:13 | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; | semmle.order | 100 |
| type_alias.ts:9:6:9:9 | [Identifier] Json | semmle.label | [Identifier] Json |
| type_alias.ts:10:5:15:12 | [UnionTypeExpr] \| strin ... Json[] | semmle.label | [UnionTypeExpr] \| strin ... Json[] |
| type_alias.ts:10:7:10:12 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
@@ -1862,12 +1922,12 @@ nodes
| type_alias.ts:15:7:15:10 | [LocalTypeAccess] Json | semmle.label | [LocalTypeAccess] Json |
| type_alias.ts:15:7:15:12 | [ArrayTypeExpr] Json[] | semmle.label | [ArrayTypeExpr] Json[] |
| type_alias.ts:17:1:17:15 | [DeclStmt] var json = ... | semmle.label | [DeclStmt] var json = ... |
| type_alias.ts:17:1:17:15 | [DeclStmt] var json = ... | semmle.order | 100 |
| type_alias.ts:17:1:17:15 | [DeclStmt] var json = ... | semmle.order | 101 |
| type_alias.ts:17:5:17:8 | [VarDecl] json | semmle.label | [VarDecl] json |
| type_alias.ts:17:5:17:14 | [VariableDeclarator] json: Json | semmle.label | [VariableDeclarator] json: Json |
| type_alias.ts:17:11:17:14 | [LocalTypeAccess] Json | semmle.label | [LocalTypeAccess] Json |
| type_alias.ts:19:1:21:57 | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; |
| type_alias.ts:19:1:21:57 | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; | semmle.order | 101 |
| type_alias.ts:19:1:21:57 | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; | semmle.order | 102 |
| type_alias.ts:19:6:19:16 | [Identifier] VirtualNode | semmle.label | [Identifier] VirtualNode |
| type_alias.ts:20:5:21:56 | [UnionTypeExpr] \| strin ... Node[]] | semmle.label | [UnionTypeExpr] \| strin ... Node[]] |
| type_alias.ts:20:7:20:12 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
@@ -1883,7 +1943,7 @@ nodes
| type_alias.ts:21:43:21:53 | [LocalTypeAccess] VirtualNode | semmle.label | [LocalTypeAccess] VirtualNode |
| type_alias.ts:21:43:21:55 | [ArrayTypeExpr] VirtualNode[] | semmle.label | [ArrayTypeExpr] VirtualNode[] |
| type_alias.ts:23:1:27:6 | [DeclStmt] const myNode = ... | semmle.label | [DeclStmt] const myNode = ... |
| type_alias.ts:23:1:27:6 | [DeclStmt] const myNode = ... | semmle.order | 102 |
| type_alias.ts:23:1:27:6 | [DeclStmt] const myNode = ... | semmle.order | 103 |
| type_alias.ts:23:7:23:12 | [VarDecl] myNode | semmle.label | [VarDecl] myNode |
| type_alias.ts:23:7:27:5 | [VariableDeclarator] myNode: ... ] ] | semmle.label | [VariableDeclarator] myNode: ... ] ] |
| type_alias.ts:23:15:23:25 | [LocalTypeAccess] VirtualNode | semmle.label | [LocalTypeAccess] VirtualNode |
@@ -1908,12 +1968,12 @@ nodes
| type_alias.ts:26:23:26:36 | [Literal] "second-child" | semmle.label | [Literal] "second-child" |
| type_alias.ts:26:41:26:62 | [Literal] "I'm the second child" | semmle.label | [Literal] "I'm the second child" |
| type_definition_objects.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.label | [ImportDeclaration] import ... dummy"; |
| type_definition_objects.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 103 |
| type_definition_objects.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 104 |
| type_definition_objects.ts:1:8:1:17 | [ImportSpecifier] * as dummy | semmle.label | [ImportSpecifier] * as dummy |
| type_definition_objects.ts:1:13:1:17 | [VarDecl] dummy | semmle.label | [VarDecl] dummy |
| type_definition_objects.ts:1:24:1:32 | [Literal] "./dummy" | semmle.label | [Literal] "./dummy" |
| type_definition_objects.ts:3:1:3:17 | [ExportDeclaration] export class C {} | semmle.label | [ExportDeclaration] export class C {} |
| type_definition_objects.ts:3:1:3:17 | [ExportDeclaration] export class C {} | semmle.order | 104 |
| type_definition_objects.ts:3:1:3:17 | [ExportDeclaration] export class C {} | semmle.order | 105 |
| type_definition_objects.ts:3:8:3:17 | [ClassDefinition,TypeDefinition] class C {} | semmle.label | [ClassDefinition,TypeDefinition] class C {} |
| type_definition_objects.ts:3:14:3:14 | [VarDecl] C | semmle.label | [VarDecl] C |
| type_definition_objects.ts:3:16:3:15 | [BlockStmt] {} | semmle.label | [BlockStmt] {} |
@@ -1921,36 +1981,36 @@ nodes
| type_definition_objects.ts:3:16:3:15 | [FunctionExpr] () {} | semmle.label | [FunctionExpr] () {} |
| type_definition_objects.ts:3:16:3:15 | [Label] constructor | semmle.label | [Label] constructor |
| type_definition_objects.ts:4:1:4:17 | [DeclStmt] let classObj = ... | semmle.label | [DeclStmt] let classObj = ... |
| type_definition_objects.ts:4:1:4:17 | [DeclStmt] let classObj = ... | semmle.order | 105 |
| type_definition_objects.ts:4:1:4:17 | [DeclStmt] let classObj = ... | semmle.order | 106 |
| type_definition_objects.ts:4:5:4:12 | [VarDecl] classObj | semmle.label | [VarDecl] classObj |
| type_definition_objects.ts:4:5:4:16 | [VariableDeclarator] classObj = C | semmle.label | [VariableDeclarator] classObj = C |
| type_definition_objects.ts:4:16:4:16 | [VarRef] C | semmle.label | [VarRef] C |
| type_definition_objects.ts:6:1:6:16 | [ExportDeclaration] export enum E {} | semmle.label | [ExportDeclaration] export enum E {} |
| type_definition_objects.ts:6:1:6:16 | [ExportDeclaration] export enum E {} | semmle.order | 106 |
| type_definition_objects.ts:6:1:6:16 | [ExportDeclaration] export enum E {} | semmle.order | 107 |
| type_definition_objects.ts:6:8:6:16 | [EnumDeclaration,TypeDefinition] enum E {} | semmle.label | [EnumDeclaration,TypeDefinition] enum E {} |
| type_definition_objects.ts:6:13:6:13 | [VarDecl] E | semmle.label | [VarDecl] E |
| type_definition_objects.ts:7:1:7:16 | [DeclStmt] let enumObj = ... | semmle.label | [DeclStmt] let enumObj = ... |
| type_definition_objects.ts:7:1:7:16 | [DeclStmt] let enumObj = ... | semmle.order | 107 |
| type_definition_objects.ts:7:1:7:16 | [DeclStmt] let enumObj = ... | semmle.order | 108 |
| type_definition_objects.ts:7:5:7:11 | [VarDecl] enumObj | semmle.label | [VarDecl] enumObj |
| type_definition_objects.ts:7:5:7:15 | [VariableDeclarator] enumObj = E | semmle.label | [VariableDeclarator] enumObj = E |
| type_definition_objects.ts:7:15:7:15 | [VarRef] E | semmle.label | [VarRef] E |
| type_definition_objects.ts:9:1:9:22 | [ExportDeclaration] export ... e N {;} | semmle.label | [ExportDeclaration] export ... e N {;} |
| type_definition_objects.ts:9:1:9:22 | [ExportDeclaration] export ... e N {;} | semmle.order | 108 |
| type_definition_objects.ts:9:1:9:22 | [ExportDeclaration] export ... e N {;} | semmle.order | 109 |
| type_definition_objects.ts:9:8:9:22 | [NamespaceDeclaration] namespace N {;} | semmle.label | [NamespaceDeclaration] namespace N {;} |
| type_definition_objects.ts:9:18:9:18 | [VarDecl] N | semmle.label | [VarDecl] N |
| type_definition_objects.ts:9:21:9:21 | [EmptyStmt] ; | semmle.label | [EmptyStmt] ; |
| type_definition_objects.ts:10:1:10:21 | [DeclStmt] let namespaceObj = ... | semmle.label | [DeclStmt] let namespaceObj = ... |
| type_definition_objects.ts:10:1:10:21 | [DeclStmt] let namespaceObj = ... | semmle.order | 109 |
| type_definition_objects.ts:10:1:10:21 | [DeclStmt] let namespaceObj = ... | semmle.order | 110 |
| type_definition_objects.ts:10:5:10:16 | [VarDecl] namespaceObj | semmle.label | [VarDecl] namespaceObj |
| type_definition_objects.ts:10:5:10:20 | [VariableDeclarator] namespaceObj = N | semmle.label | [VariableDeclarator] namespaceObj = N |
| type_definition_objects.ts:10:20:10:20 | [VarRef] N | semmle.label | [VarRef] N |
| type_definitions.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.label | [ImportDeclaration] import ... dummy"; |
| type_definitions.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 110 |
| type_definitions.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 111 |
| type_definitions.ts:1:8:1:17 | [ImportSpecifier] * as dummy | semmle.label | [ImportSpecifier] * as dummy |
| type_definitions.ts:1:13:1:17 | [VarDecl] dummy | semmle.label | [VarDecl] dummy |
| type_definitions.ts:1:24:1:32 | [Literal] "./dummy" | semmle.label | [Literal] "./dummy" |
| type_definitions.ts:3:1:5:1 | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } |
| type_definitions.ts:3:1:5:1 | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } | semmle.order | 111 |
| type_definitions.ts:3:1:5:1 | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } | semmle.order | 112 |
| type_definitions.ts:3:11:3:11 | [Identifier] I | semmle.label | [Identifier] I |
| type_definitions.ts:3:13:3:13 | [Identifier] S | semmle.label | [Identifier] S |
| type_definitions.ts:3:13:3:13 | [TypeParameter] S | semmle.label | [TypeParameter] S |
@@ -1958,14 +2018,14 @@ nodes
| type_definitions.ts:4:3:4:7 | [FieldDeclaration] x: S; | semmle.label | [FieldDeclaration] x: S; |
| type_definitions.ts:4:6:4:6 | [LocalTypeAccess] S | semmle.label | [LocalTypeAccess] S |
| type_definitions.ts:6:1:6:16 | [DeclStmt] let i = ... | semmle.label | [DeclStmt] let i = ... |
| type_definitions.ts:6:1:6:16 | [DeclStmt] let i = ... | semmle.order | 112 |
| type_definitions.ts:6:1:6:16 | [DeclStmt] let i = ... | semmle.order | 113 |
| type_definitions.ts:6:5:6:5 | [VarDecl] i | semmle.label | [VarDecl] i |
| type_definitions.ts:6:5:6:16 | [VariableDeclarator] i: I<number> | semmle.label | [VariableDeclarator] i: I<number> |
| type_definitions.ts:6:8:6:8 | [LocalTypeAccess] I | semmle.label | [LocalTypeAccess] I |
| type_definitions.ts:6:8:6:16 | [GenericTypeExpr] I<number> | semmle.label | [GenericTypeExpr] I<number> |
| type_definitions.ts:6:10:6:15 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
| type_definitions.ts:8:1:10:1 | [ClassDefinition,TypeDefinition] class C ... x: T } | semmle.label | [ClassDefinition,TypeDefinition] class C ... x: T } |
| type_definitions.ts:8:1:10:1 | [ClassDefinition,TypeDefinition] class C ... x: T } | semmle.order | 113 |
| type_definitions.ts:8:1:10:1 | [ClassDefinition,TypeDefinition] class C ... x: T } | semmle.order | 114 |
| type_definitions.ts:8:7:8:7 | [VarDecl] C | semmle.label | [VarDecl] C |
| type_definitions.ts:8:8:8:7 | [BlockStmt] {} | semmle.label | [BlockStmt] {} |
| type_definitions.ts:8:8:8:7 | [ClassInitializedMember,ConstructorDefinition] constructor() {} | semmle.label | [ClassInitializedMember,ConstructorDefinition] constructor() {} |
@@ -1977,14 +2037,14 @@ nodes
| type_definitions.ts:9:3:9:6 | [FieldDeclaration] x: T | semmle.label | [FieldDeclaration] x: T |
| type_definitions.ts:9:6:9:6 | [LocalTypeAccess] T | semmle.label | [LocalTypeAccess] T |
| type_definitions.ts:11:1:11:17 | [DeclStmt] let c = ... | semmle.label | [DeclStmt] let c = ... |
| type_definitions.ts:11:1:11:17 | [DeclStmt] let c = ... | semmle.order | 114 |
| type_definitions.ts:11:1:11:17 | [DeclStmt] let c = ... | semmle.order | 115 |
| type_definitions.ts:11:5:11:5 | [VarDecl] c | semmle.label | [VarDecl] c |
| type_definitions.ts:11:5:11:16 | [VariableDeclarator] c: C<number> | semmle.label | [VariableDeclarator] c: C<number> |
| type_definitions.ts:11:8:11:8 | [LocalTypeAccess] C | semmle.label | [LocalTypeAccess] C |
| type_definitions.ts:11:8:11:16 | [GenericTypeExpr] C<number> | semmle.label | [GenericTypeExpr] C<number> |
| type_definitions.ts:11:10:11:15 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
| type_definitions.ts:13:1:15:1 | [EnumDeclaration,TypeDefinition] enum Co ... blue } | semmle.label | [EnumDeclaration,TypeDefinition] enum Co ... blue } |
| type_definitions.ts:13:1:15:1 | [EnumDeclaration,TypeDefinition] enum Co ... blue } | semmle.order | 115 |
| type_definitions.ts:13:1:15:1 | [EnumDeclaration,TypeDefinition] enum Co ... blue } | semmle.order | 116 |
| type_definitions.ts:13:6:13:10 | [VarDecl] Color | semmle.label | [VarDecl] Color |
| type_definitions.ts:14:3:14:5 | [EnumMember,TypeDefinition] red | semmle.label | [EnumMember,TypeDefinition] red |
| type_definitions.ts:14:3:14:5 | [VarDecl] red | semmle.label | [VarDecl] red |
@@ -1993,29 +2053,29 @@ nodes
| type_definitions.ts:14:15:14:18 | [EnumMember,TypeDefinition] blue | semmle.label | [EnumMember,TypeDefinition] blue |
| type_definitions.ts:14:15:14:18 | [VarDecl] blue | semmle.label | [VarDecl] blue |
| type_definitions.ts:16:1:16:17 | [DeclStmt] let color = ... | semmle.label | [DeclStmt] let color = ... |
| type_definitions.ts:16:1:16:17 | [DeclStmt] let color = ... | semmle.order | 116 |
| type_definitions.ts:16:1:16:17 | [DeclStmt] let color = ... | semmle.order | 117 |
| type_definitions.ts:16:5:16:9 | [VarDecl] color | semmle.label | [VarDecl] color |
| type_definitions.ts:16:5:16:16 | [VariableDeclarator] color: Color | semmle.label | [VariableDeclarator] color: Color |
| type_definitions.ts:16:12:16:16 | [LocalTypeAccess] Color | semmle.label | [LocalTypeAccess] Color |
| type_definitions.ts:18:1:18:33 | [EnumDeclaration,TypeDefinition] enum En ... ember } | semmle.label | [EnumDeclaration,TypeDefinition] enum En ... ember } |
| type_definitions.ts:18:1:18:33 | [EnumDeclaration,TypeDefinition] enum En ... ember } | semmle.order | 117 |
| type_definitions.ts:18:1:18:33 | [EnumDeclaration,TypeDefinition] enum En ... ember } | semmle.order | 118 |
| type_definitions.ts:18:6:18:22 | [VarDecl] EnumWithOneMember | semmle.label | [VarDecl] EnumWithOneMember |
| type_definitions.ts:18:26:18:31 | [EnumMember,TypeDefinition] member | semmle.label | [EnumMember,TypeDefinition] member |
| type_definitions.ts:18:26:18:31 | [VarDecl] member | semmle.label | [VarDecl] member |
| type_definitions.ts:19:1:19:25 | [DeclStmt] let e = ... | semmle.label | [DeclStmt] let e = ... |
| type_definitions.ts:19:1:19:25 | [DeclStmt] let e = ... | semmle.order | 118 |
| type_definitions.ts:19:1:19:25 | [DeclStmt] let e = ... | semmle.order | 119 |
| type_definitions.ts:19:5:19:5 | [VarDecl] e | semmle.label | [VarDecl] e |
| type_definitions.ts:19:5:19:24 | [VariableDeclarator] e: EnumWithOneMember | semmle.label | [VariableDeclarator] e: EnumWithOneMember |
| type_definitions.ts:19:8:19:24 | [LocalTypeAccess] EnumWithOneMember | semmle.label | [LocalTypeAccess] EnumWithOneMember |
| type_definitions.ts:21:1:21:20 | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; |
| type_definitions.ts:21:1:21:20 | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; | semmle.order | 119 |
| type_definitions.ts:21:1:21:20 | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; | semmle.order | 120 |
| type_definitions.ts:21:6:21:10 | [Identifier] Alias | semmle.label | [Identifier] Alias |
| type_definitions.ts:21:12:21:12 | [Identifier] T | semmle.label | [Identifier] T |
| type_definitions.ts:21:12:21:12 | [TypeParameter] T | semmle.label | [TypeParameter] T |
| type_definitions.ts:21:17:21:17 | [LocalTypeAccess] T | semmle.label | [LocalTypeAccess] T |
| type_definitions.ts:21:17:21:19 | [ArrayTypeExpr] T[] | semmle.label | [ArrayTypeExpr] T[] |
| type_definitions.ts:22:1:22:39 | [DeclStmt] let aliasForNumberArray = ... | semmle.label | [DeclStmt] let aliasForNumberArray = ... |
| type_definitions.ts:22:1:22:39 | [DeclStmt] let aliasForNumberArray = ... | semmle.order | 120 |
| type_definitions.ts:22:1:22:39 | [DeclStmt] let aliasForNumberArray = ... | semmle.order | 121 |
| type_definitions.ts:22:5:22:23 | [VarDecl] aliasForNumberArray | semmle.label | [VarDecl] aliasForNumberArray |
| type_definitions.ts:22:5:22:38 | [VariableDeclarator] aliasFo ... number> | semmle.label | [VariableDeclarator] aliasFo ... number> |
| type_definitions.ts:22:26:22:30 | [LocalTypeAccess] Alias | semmle.label | [LocalTypeAccess] Alias |
@@ -2216,6 +2276,14 @@ edges
| file://:0:0:0:0 | (Arguments) | tst.ts:478:17:478:42 | [IndexExpr] SomeCla ... tadata] | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:483:17:483:58 | [SatisfiesExpr] ["hello ... string> | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:483:17:483:58 | [SatisfiesExpr] ["hello ... string> | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:491:49:491:56 | [Literal] "yellow" | semmle.label | 1 |
| file://:0:0:0:0 | (Arguments) | tst.ts:491:49:491:56 | [Literal] "yellow" | semmle.order | 1 |
| file://:0:0:0:0 | (Arguments) | tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | semmle.label | 1 |
| file://:0:0:0:0 | (Arguments) | tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | semmle.order | 1 |
| file://:0:0:0:0 | (Parameters) | tst.ts:14:17:14:17 | [SimpleParameter] x | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:14:17:14:17 | [SimpleParameter] x | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:14:28:14:28 | [SimpleParameter] y | semmle.label | 1 |
@@ -2314,6 +2382,14 @@ edges
| file://:0:0:0:0 | (Parameters) | tst.ts:474:12:474:18 | [SimpleParameter] _target | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:474:21:474:28 | [SimpleParameter] _context | semmle.label | 1 |
| file://:0:0:0:0 | (Parameters) | tst.ts:474:21:474:28 | [SimpleParameter] _context | semmle.order | 1 |
| file://:0:0:0:0 | (Parameters) | tst.ts:487:48:487:53 | [SimpleParameter] colors | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:487:48:487:53 | [SimpleParameter] colors | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:487:61:487:72 | [SimpleParameter] defaultColor | semmle.label | 1 |
| file://:0:0:0:0 | (Parameters) | tst.ts:487:61:487:72 | [SimpleParameter] defaultColor | semmle.order | 1 |
| file://:0:0:0:0 | (Parameters) | tst.ts:493:53:493:55 | [SimpleParameter] num | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:493:53:493:55 | [SimpleParameter] num | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | tst.ts:493:58:493:62 | [SimpleParameter] index | semmle.label | 1 |
| file://:0:0:0:0 | (Parameters) | tst.ts:493:58:493:62 | [SimpleParameter] index | semmle.order | 1 |
| file://:0:0:0:0 | (Parameters) | type_alias.ts:14:10:14:17 | [SimpleParameter] property | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | type_alias.ts:14:10:14:17 | [SimpleParameter] property | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | type_alias.ts:21:19:21:21 | [SimpleParameter] key | semmle.label | 0 |
@@ -2346,6 +2422,8 @@ edges
| file://:0:0:0:0 | (TypeParameters) | tst.ts:462:40:462:72 | [TypeParameter] const T ... tring[] | semmle.order | 0 |
| file://:0:0:0:0 | (TypeParameters) | tst.ts:481:16:481:16 | [TypeParameter] T | semmle.label | 0 |
| file://:0:0:0:0 | (TypeParameters) | tst.ts:481:16:481:16 | [TypeParameter] T | semmle.order | 0 |
| file://:0:0:0:0 | (TypeParameters) | tst.ts:487:30:487:45 | [TypeParameter] C extends string | semmle.label | 0 |
| file://:0:0:0:0 | (TypeParameters) | tst.ts:487:30:487:45 | [TypeParameter] C extends string | semmle.order | 0 |
| file://:0:0:0:0 | (TypeParameters) | type_alias.ts:5:19:5:19 | [TypeParameter] T | semmle.label | 0 |
| file://:0:0:0:0 | (TypeParameters) | type_alias.ts:5:19:5:19 | [TypeParameter] T | semmle.order | 0 |
| file://:0:0:0:0 | (TypeParameters) | type_definitions.ts:3:13:3:13 | [TypeParameter] S | semmle.label | 0 |
@@ -5182,6 +5260,104 @@ edges
| tst.ts:483:46:483:58 | [GenericTypeExpr] Pair3<string> | tst.ts:483:46:483:50 | [LocalTypeAccess] Pair3 | semmle.order | 1 |
| tst.ts:483:46:483:58 | [GenericTypeExpr] Pair3<string> | tst.ts:483:52:483:57 | [KeywordTypeExpr] string | semmle.label | 2 |
| tst.ts:483:46:483:58 | [GenericTypeExpr] Pair3<string> | tst.ts:483:52:483:57 | [KeywordTypeExpr] string | semmle.order | 2 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:486:8:486:11 | [VarDecl] TS54 | semmle.label | 1 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:486:8:486:11 | [VarDecl] TS54 | semmle.order | 1 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | semmle.label | 2 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | semmle.order | 2 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:491:3:491:58 | [ExprStmt] createS ... llow"); | semmle.label | 3 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:491:3:491:58 | [ExprStmt] createS ... llow"); | semmle.order | 3 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:493:3:495:5 | [DeclStmt] const myObj = ... | semmle.label | 4 |
| tst.ts:486:1:496:1 | [NamespaceDeclaration] module ... }); } | tst.ts:493:3:495:5 | [DeclStmt] const myObj = ... | semmle.order | 4 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | file://:0:0:0:0 | (TypeParameters) | semmle.label | 2 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | file://:0:0:0:0 | (TypeParameters) | semmle.order | 2 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | tst.ts:487:12:487:28 | [VarDecl] createStreetLight | semmle.label | 0 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | tst.ts:487:12:487:28 | [VarDecl] createStreetLight | semmle.order | 0 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | tst.ts:487:88:489:3 | [BlockStmt] { r ... 0]; } | semmle.label | 5 |
| tst.ts:487:3:489:3 | [FunctionDeclStmt] functio ... 0]; } | tst.ts:487:88:489:3 | [BlockStmt] { r ... 0]; } | semmle.order | 5 |
| tst.ts:487:30:487:45 | [TypeParameter] C extends string | tst.ts:487:30:487:30 | [Identifier] C | semmle.label | 1 |
| tst.ts:487:30:487:45 | [TypeParameter] C extends string | tst.ts:487:30:487:30 | [Identifier] C | semmle.order | 1 |
| tst.ts:487:30:487:45 | [TypeParameter] C extends string | tst.ts:487:40:487:45 | [KeywordTypeExpr] string | semmle.label | 2 |
| tst.ts:487:30:487:45 | [TypeParameter] C extends string | tst.ts:487:40:487:45 | [KeywordTypeExpr] string | semmle.order | 2 |
| tst.ts:487:48:487:53 | [SimpleParameter] colors | tst.ts:487:56:487:58 | [ArrayTypeExpr] C[] | semmle.label | -2 |
| tst.ts:487:48:487:53 | [SimpleParameter] colors | tst.ts:487:56:487:58 | [ArrayTypeExpr] C[] | semmle.order | -2 |
| tst.ts:487:56:487:58 | [ArrayTypeExpr] C[] | tst.ts:487:56:487:56 | [LocalTypeAccess] C | semmle.label | 1 |
| tst.ts:487:56:487:58 | [ArrayTypeExpr] C[] | tst.ts:487:56:487:56 | [LocalTypeAccess] C | semmle.order | 1 |
| tst.ts:487:61:487:72 | [SimpleParameter] defaultColor | tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | semmle.label | -2 |
| tst.ts:487:61:487:72 | [SimpleParameter] defaultColor | tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | semmle.order | -2 |
| tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | tst.ts:487:76:487:82 | [LocalTypeAccess] NoInfer | semmle.label | 1 |
| tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | tst.ts:487:76:487:82 | [LocalTypeAccess] NoInfer | semmle.order | 1 |
| tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | tst.ts:487:84:487:84 | [LocalTypeAccess] C | semmle.label | 2 |
| tst.ts:487:76:487:85 | [GenericTypeExpr] NoInfer<C> | tst.ts:487:84:487:84 | [LocalTypeAccess] C | semmle.order | 2 |
| tst.ts:487:88:489:3 | [BlockStmt] { r ... 0]; } | tst.ts:488:5:488:21 | [ReturnStmt] return colors[0]; | semmle.label | 1 |
| tst.ts:487:88:489:3 | [BlockStmt] { r ... 0]; } | tst.ts:488:5:488:21 | [ReturnStmt] return colors[0]; | semmle.order | 1 |
| tst.ts:488:5:488:21 | [ReturnStmt] return colors[0]; | tst.ts:488:12:488:20 | [IndexExpr] colors[0] | semmle.label | 1 |
| tst.ts:488:5:488:21 | [ReturnStmt] return colors[0]; | tst.ts:488:12:488:20 | [IndexExpr] colors[0] | semmle.order | 1 |
| tst.ts:488:12:488:20 | [IndexExpr] colors[0] | tst.ts:488:12:488:17 | [VarRef] colors | semmle.label | 1 |
| tst.ts:488:12:488:20 | [IndexExpr] colors[0] | tst.ts:488:12:488:17 | [VarRef] colors | semmle.order | 1 |
| tst.ts:488:12:488:20 | [IndexExpr] colors[0] | tst.ts:488:19:488:19 | [Literal] 0 | semmle.label | 2 |
| tst.ts:488:12:488:20 | [IndexExpr] colors[0] | tst.ts:488:19:488:19 | [Literal] 0 | semmle.order | 2 |
| tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | tst.ts:491:3:491:19 | [VarRef] createStreetLight | semmle.label | 0 |
| tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | tst.ts:491:3:491:19 | [VarRef] createStreetLight | semmle.order | 0 |
| tst.ts:491:3:491:58 | [ExprStmt] createS ... llow"); | tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | semmle.label | 1 |
| tst.ts:491:3:491:58 | [ExprStmt] createS ... llow"); | tst.ts:491:3:491:57 | [CallExpr] createS ... ellow") | semmle.order | 1 |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | tst.ts:491:22:491:26 | [Literal] "red" | semmle.label | 1 |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | tst.ts:491:22:491:26 | [Literal] "red" | semmle.order | 1 |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | tst.ts:491:29:491:36 | [Literal] "yellow" | semmle.label | 2 |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | tst.ts:491:29:491:36 | [Literal] "yellow" | semmle.order | 2 |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | tst.ts:491:39:491:45 | [Literal] "green" | semmle.label | 3 |
| tst.ts:491:21:491:46 | [ArrayExpr] ["red", ... green"] | tst.ts:491:39:491:45 | [Literal] "green" | semmle.order | 3 |
| tst.ts:493:3:495:5 | [DeclStmt] const myObj = ... | tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | semmle.label | 1 |
| tst.ts:493:3:495:5 | [DeclStmt] const myObj = ... | tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | semmle.order | 1 |
| tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | tst.ts:493:9:493:13 | [VarDecl] myObj | semmle.label | 1 |
| tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | tst.ts:493:9:493:13 | [VarDecl] myObj | semmle.order | 1 |
| tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | semmle.label | 2 |
| tst.ts:493:9:495:4 | [VariableDeclarator] myObj = ... "; }) | tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | semmle.order | 2 |
| tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | tst.ts:493:17:493:22 | [VarRef] Object | semmle.label | 1 |
| tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | tst.ts:493:17:493:22 | [VarRef] Object | semmle.order | 1 |
| tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | tst.ts:493:24:493:30 | [Label] groupBy | semmle.label | 2 |
| tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | tst.ts:493:24:493:30 | [Label] groupBy | semmle.order | 2 |
| tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | semmle.label | 0 |
| tst.ts:493:17:495:4 | [MethodCallExpr] Object. ... "; }) | tst.ts:493:17:493:30 | [DotExpr] Object.groupBy | semmle.order | 0 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:33:493:33 | [Literal] 0 | semmle.label | 1 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:33:493:33 | [Literal] 0 | semmle.order | 1 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:36:493:36 | [Literal] 1 | semmle.label | 2 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:36:493:36 | [Literal] 1 | semmle.order | 2 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:39:493:39 | [Literal] 2 | semmle.label | 3 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:39:493:39 | [Literal] 2 | semmle.order | 3 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:42:493:42 | [Literal] 3 | semmle.label | 4 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:42:493:42 | [Literal] 3 | semmle.order | 4 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:45:493:45 | [Literal] 4 | semmle.label | 5 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:45:493:45 | [Literal] 4 | semmle.order | 5 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:48:493:48 | [Literal] 5 | semmle.label | 6 |
| tst.ts:493:32:493:49 | [ArrayExpr] [0, 1, 2, 3, 4, 5] | tst.ts:493:48:493:48 | [Literal] 5 | semmle.order | 6 |
| tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
| tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
| tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | tst.ts:493:68:495:3 | [BlockStmt] { r ... d"; } | semmle.label | 5 |
| tst.ts:493:52:495:3 | [ArrowFunctionExpr] (num, i ... d"; } | tst.ts:493:68:495:3 | [BlockStmt] { r ... d"; } | semmle.order | 5 |
| tst.ts:493:68:495:3 | [BlockStmt] { r ... d"; } | tst.ts:494:5:494:41 | [ReturnStmt] return ... "odd"; | semmle.label | 1 |
| tst.ts:493:68:495:3 | [BlockStmt] { r ... d"; } | tst.ts:494:5:494:41 | [ReturnStmt] return ... "odd"; | semmle.order | 1 |
| tst.ts:494:5:494:41 | [ReturnStmt] return ... "odd"; | tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | semmle.label | 1 |
| tst.ts:494:5:494:41 | [ReturnStmt] return ... "odd"; | tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | semmle.order | 1 |
| tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | tst.ts:494:12:494:14 | [VarRef] num | semmle.label | 1 |
| tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | tst.ts:494:12:494:14 | [VarRef] num | semmle.order | 1 |
| tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | tst.ts:494:18:494:18 | [Literal] 2 | semmle.label | 2 |
| tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | tst.ts:494:18:494:18 | [Literal] 2 | semmle.order | 2 |
| tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | semmle.label | 1 |
| tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | tst.ts:494:12:494:18 | [BinaryExpr] num % 2 | semmle.order | 1 |
| tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | tst.ts:494:24:494:24 | [Literal] 0 | semmle.label | 2 |
| tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | tst.ts:494:24:494:24 | [Literal] 0 | semmle.order | 2 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | semmle.label | 1 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | tst.ts:494:12:494:24 | [BinaryExpr] num % 2 === 0 | semmle.order | 1 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | tst.ts:494:28:494:33 | [Literal] "even" | semmle.label | 2 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | tst.ts:494:28:494:33 | [Literal] "even" | semmle.order | 2 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | tst.ts:494:36:494:40 | [Literal] "odd" | semmle.label | 3 |
| tst.ts:494:12:494:40 | [ConditionalExpr] num % 2 ... : "odd" | tst.ts:494:36:494:40 | [Literal] "odd" | semmle.order | 3 |
| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.label | 1 |
| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.order | 1 |
| tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | tstModuleCJS.cts:1:17:1:28 | [VarDecl] tstModuleCJS | semmle.label | 0 |

45
javascript/ql/test/library-tests/TypeScript/Types/tests.expected
View File

@@ -658,6 +658,40 @@ getExprType
| tst.ts:483:17:483:58 | ["hello ... string> | [first: string, string] |
| tst.ts:483:18:483:24 | "hello" | "hello" |
| tst.ts:483:27:483:33 | "world" | "world" |
| tst.ts:486:8:486:11 | TS54 | typeof TS54 in library-tests/TypeScript/Types/tst.ts |
| tst.ts:487:48:487:53 | colors | C[] |
| tst.ts:488:12:488:17 | colors | C[] |
| tst.ts:488:12:488:20 | colors[0] | C |
| tst.ts:488:19:488:19 | 0 | 0 |
| tst.ts:491:3:491:57 | createS ... ellow") | "red" \| "green" \| "yellow" |
| tst.ts:491:21:491:46 | ["red", ... green"] | ("red" \| "green" \| "yellow")[] |
| tst.ts:491:22:491:26 | "red" | "red" |
| tst.ts:491:29:491:36 | "yellow" | "yellow" |
| tst.ts:491:39:491:45 | "green" | "green" |
| tst.ts:491:49:491:56 | "yellow" | "yellow" |
| tst.ts:493:9:493:13 | myObj | Partial<Record<"even" \| "odd", number[]>> |
| tst.ts:493:17:493:22 | Object | ObjectConstructor |
| tst.ts:493:17:493:30 | Object.groupBy | <K extends PropertyKey, T>(items: Iterable<T>, ... |
| tst.ts:493:17:495:4 | Object. ... ";\\n }) | Partial<Record<"even" \| "odd", number[]>> |
| tst.ts:493:24:493:30 | groupBy | <K extends PropertyKey, T>(items: Iterable<T>, ... |
| tst.ts:493:32:493:49 | [0, 1, 2, 3, 4, 5] | Iterable<number> |
| tst.ts:493:33:493:33 | 0 | 0 |
| tst.ts:493:36:493:36 | 1 | 1 |
| tst.ts:493:39:493:39 | 2 | 2 |
| tst.ts:493:42:493:42 | 3 | 3 |
| tst.ts:493:45:493:45 | 4 | 4 |
| tst.ts:493:48:493:48 | 5 | 5 |
| tst.ts:493:52:495:3 | (num, i ... d";\\n } | (num: number, index: number) => "even" \| "odd" |
| tst.ts:493:53:493:55 | num | number |
| tst.ts:493:58:493:62 | index | number |
| tst.ts:494:12:494:14 | num | number |
| tst.ts:494:12:494:18 | num % 2 | number |
| tst.ts:494:12:494:24 | num % 2 === 0 | boolean |
| tst.ts:494:12:494:40 | num % 2 ... : "odd" | "even" \| "odd" |
| tst.ts:494:18:494:18 | 2 | 2 |
| tst.ts:494:24:494:24 | 0 | 0 |
| tst.ts:494:28:494:33 | "even" | "even" |
| tst.ts:494:36:494:40 | "odd" | "odd" |
| tstModuleCJS.cts:1:17:1:28 | tstModuleCJS | () => "a" \| "b" |
| tstModuleCJS.cts:2:12:2:15 | Math | Math |
| tstModuleCJS.cts:2:12:2:22 | Math.random | () => number |
@@ -1138,6 +1172,12 @@ getTypeExprType
| tst.ts:483:46:483:50 | Pair3 | Pair3<T> |
| tst.ts:483:46:483:58 | Pair3<string> | Pair3<string> |
| tst.ts:483:52:483:57 | string | string |
| tst.ts:487:30:487:30 | C | C |
| tst.ts:487:40:487:45 | string | string |
| tst.ts:487:56:487:56 | C | C |
| tst.ts:487:56:487:58 | C[] | C[] |
| tst.ts:487:76:487:82 | NoInfer | any |
| tst.ts:487:84:487:84 | C | C |
| tstModuleCJS.cts:1:33:1:35 | 'a' | "a" |
| tstModuleCJS.cts:1:33:1:41 | 'a' \| 'b' | "a" \| "b" |
| tstModuleCJS.cts:1:39:1:41 | 'b' | "b" |
@@ -1357,18 +1397,23 @@ unionIndex
| "boolean" | 3 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "c" | 2 | "a" \| "b" \| "c" |
| "circle" | 0 | "circle" \| "square" |
| "even" | 0 | "even" \| "odd" |
| "function" | 7 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "green" | 1 | "red" \| "green" \| "blue" |
| "green" | 1 | "red" \| "green" \| "yellow" |
| "hello" | 0 | "hello" \| 42 |
| "number" | 1 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "number" | 1 | keyof TypeMap |
| "object" | 6 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "odd" | 1 | "even" \| "odd" |
| "red" | 0 | "red" \| "green" \| "blue" |
| "red" | 0 | "red" \| "green" \| "yellow" |
| "square" | 1 | "circle" \| "square" |
| "string" | 0 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "string" | 0 | keyof TypeMap |
| "symbol" | 4 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "undefined" | 5 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
| "yellow" | 2 | "red" \| "green" \| "yellow" |
| () => number | 0 | (() => number) \| (ClassMethodDecoratorContext<P... |
| () => number | 1 | void \| (() => number) |
| ClassMethodDecoratorContext<Person, () => numbe... | 1 | (() => number) \| (ClassMethodDecoratorContext<P... |

12
javascript/ql/test/library-tests/TypeScript/Types/tst.ts
View File

@@ -481,4 +481,16 @@ module TS52 {
type Pair3<T> = [first: T, T];
console.log(["hello", "world"] satisfies Pair3<string>);
}
module TS54 {
function createStreetLight<C extends string>(colors: C[], defaultColor?: NoInfer<C>) {
return colors[0];
}
createStreetLight(["red", "yellow", "green"], "yellow");
const myObj = Object.groupBy([0, 1, 2, 3, 4, 5], (num, index) => {
return num % 2 === 0 ? "even": "odd";
});
}

1
javascript/ql/test/library-tests/TypeTracking/TypeTracking.expected
View File

@@ -0,0 +1 @@

27
javascript/ql/test/library-tests/TypeTracking/implicit-receiver.js Normal file
View File

@@ -0,0 +1,27 @@
import 'dummy';
let trackedProp = "implicit-receiver-prop"; // name: implicit-receiver-prop
function factory() {
let obj = unknown(); // name: implicit-receiver-obj
obj.foo = function() {
track(this); // track: implicit-receiver-obj
track(this.x); // track: implicit-receiver-obj track: implicit-receiver-prop
}
return obj;
}
let obj = factory();
obj.x = trackedProp;
function factory2() {
let obj2 = { // name: implicit-receiver-obj2
foo: function() {
track(this); // track: implicit-receiver-obj2
track(this.x); // track: implicit-receiver-obj2 track: implicit-receiver-prop
}
}
return obj2;
}
let obj2 = factory2()
obj2.x = trackedProp;

5
javascript/ql/test/library-tests/frameworks/data/test.expected
View File

@@ -75,6 +75,11 @@ taintFlow
| test.js:249:28:249:35 | source() | test.js:249:28:249:35 | source() |
| test.js:252:15:252:22 | source() | test.js:252:15:252:22 | source() |
| test.js:254:32:254:39 | source() | test.js:254:32:254:39 | source() |
| test.js:262:10:262:31 | this.ba ... ource() | test.js:262:10:262:31 | this.ba ... ource() |
| test.js:265:6:265:39 | new MyS ... ource() | test.js:265:6:265:39 | new MyS ... ource() |
| test.js:269:10:269:31 | this.ba ... ource() | test.js:269:10:269:31 | this.ba ... ource() |
| test.js:272:6:272:40 | new MyS ... ource() | test.js:272:6:272:40 | new MyS ... ource() |
| test.js:274:6:274:39 | testlib ... eName() | test.js:274:6:274:39 | testlib ... eName() |
isSink
| test.js:54:18:54:25 | source() | test-sink |
| test.js:55:22:55:29 | source() | test-sink |

77
javascript/ql/test/library-tests/frameworks/data/test.ext.yml Normal file
View File

@@ -0,0 +1,77 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ['testlib', 'Member[BaseClass].Instance.Member[baseclassSource].ReturnValue', 'test-source']
- ['testlib', 'Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0]', 'test-source']
- ['testlib', 'Member[FieldDecoratorSource].DecoratedMember', 'test-source']
- ['testlib', 'Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0]', 'test-source']
- ['testlib', 'Member[MethodDecorator].DecoratedMember.Parameter[0]', 'test-source']
- ['testlib', 'Member[ParamDecoratorSource].DecoratedParameter', 'test-source']
- ['testlib', 'Member[getSource].ReturnValue', 'test-source']
- ['(testlib)', 'Member[parenthesizedPackageName].ReturnValue', 'test-source']
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ['testlib', 'AnyMember.Member[memberSink].Argument[0]', 'test-sink']
- ['testlib', 'Fuzzy.Member[fuzzyCall].Argument[0]', 'test-sink']
- ['testlib', 'Member[ClassDecorator].DecoratedClass.Instance.Member[returnValueIsSink].ReturnValue', 'test-sink']
- ['testlib', 'Member[FieldDecoratorSink].DecoratedMember', 'test-sink']
- ['testlib', 'Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue', 'test-sink']
- ['testlib', 'Member[MethodDecorator].DecoratedMember.ReturnValue', 'test-sink']
- ['testlib', 'Member[ParamDecoratorSink].DecoratedParameter', 'test-sink']
- ['testlib', 'Member[foo', 'test-sink']
- ['testlib', 'Member[foo] .Member[bar]', 'test-sink']
- ['testlib', 'Member[foo] Member[bar]', 'test-sink']
- ['testlib', 'Member[foo], Member[bar]', 'test-sink']
- ['testlib', 'Member[foo],Member[bar]', 'test-sink']
- ['testlib', 'Member[foo]. Member[bar]', 'test-sink']
- ['testlib', 'Member[foo]..Member[bar]', 'test-sink']
- ['testlib', 'Member[foo]Member[bar]', 'test-sink']
- ['testlib', 'Member[foo]]', 'test-sink']
- ['testlib', 'Member[foo]].Member[bar]', 'test-sink']
- ['testlib', 'Member[mySinkExceptLast].Argument[0..N-2]', 'test-sink']
- ['testlib', 'Member[mySinkIfArityTwo].WithArity[2].Argument[0]', 'test-sink']
- ['testlib', 'Member[mySinkIfCall].Call.Argument[0]', 'test-sink']
- ['testlib', 'Member[mySinkIfNew].NewCall.Argument[0]', 'test-sink']
- ['testlib', 'Member[mySinkLast].Argument[N-1]', 'test-sink']
- ['testlib', 'Member[mySinkSecondLast].Argument[N-2]', 'test-sink']
- ['testlib', 'Member[mySinkTwoLastRange].Argument[N-2..N-1]', 'test-sink']
- ['testlib', 'Member[mySinkTwoLast].Argument[N-1,N-2]', 'test-sink']
- ['testlib', 'Member[mySink].Argument[0]', 'test-sink']
- ['testlib', 'Member[overloadedSink].WithStringArgument[0=danger].Argument[1]', 'test-sink']
- ['testlib', 'Member[sink1, sink2, sink3 ].Argument[0]', 'test-sink']
- ['testlib', 'Member[typevar].TypeVar[ABC].Member[mySink].Argument[0]', 'test-sink']
- ['testlib', 'Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1]', 'test-sink']
- ['testlib', 'Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0]', 'test-sink']
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ['testlib', 'Member[getSource].ReturnValue.Member[continue]', 'Argument[this]', 'ReturnValue', 'taint']
- ['testlib', 'Member[preserveAllButFirstArgument]', 'Argument[1..]', 'ReturnValue', 'taint']
- ['testlib', 'Member[preserveAllIfCall].Call', 'Argument[0..]', 'ReturnValue', 'taint']
- ['testlib', 'Member[preserveArgZeroAndTwo]', 'Argument[0,2]', 'ReturnValue', 'taint']
- ['testlib', 'Member[preserveTaint]', 'Argument[0]', 'ReturnValue', 'taint']
- ['testlib', 'Member[taintIntoCallbackThis]', 'Argument[0]', 'Argument[1..2].Parameter[this]', 'taint']
- ['testlib', 'Member[taintIntoCallback]', 'Argument[0]', 'Argument[1..2].Parameter[0]', 'taint']
- ['testlib.~HasThisFlow', '', '', 'Member[getThis].ReturnValue', 'type']
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ['testlib.~HasThisFlow', 'testlib', 'Member[typevar]']
- ['testlib.~HasThisFlow', 'testlib.~HasThisFlow', 'Member[left,right,x]']
- addsTo:
pack: codeql/javascript-all
extensible: typeVariableModel
data:
- ['ABC', 'Member[a].Member[b].WithArity[0].ReturnValue.Member[c]']
- ['LeftRight', 'Member[left].TypeVar[LeftRight].Member[right]']
- ['LeftRight', 'Member[x]']

16
javascript/ql/test/library-tests/frameworks/data/test.js
View File

@@ -256,3 +256,19 @@ function fuzzy() {
fuzzyCall(source()); // OK - does not come from 'testlib'
require('blah').fuzzyCall(source()); // OK - does not come from 'testlib'
}
class MySubclass extends testlib.BaseClass {
foo() {
sink(this.baseclassSource()); // NOT OK
}
}
sink(new MySubclass().baseclassSource()); // NOT OK
class MySubclass2 extends MySubclass {
foo2() {
sink(this.baseclassSource()); // NOT OK
}
}
sink(new MySubclass2().baseclassSource()); // NOT OK
sink(testlib.parenthesizedPackageName()); // NOT OK

100
javascript/ql/test/library-tests/frameworks/data/test.ql
View File

@@ -2,88 +2,6 @@ import javascript
import testUtilities.ConsistencyChecking
import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels
class Steps extends ModelInput::SummaryModelCsv {
override predicate row(string row) {
// type;path;input;output;kind
row =
[
"testlib;Member[preserveTaint];Argument[0];ReturnValue;taint",
"testlib;Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
"testlib;Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
"testlib;Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
"testlib;Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",
"testlib;Member[preserveAllIfCall].Call;Argument[0..];ReturnValue;taint",
"testlib;Member[getSource].ReturnValue.Member[continue];Argument[this];ReturnValue;taint",
"testlib.~HasThisFlow;;;Member[getThis].ReturnValue;type",
]
}
}
class TypeDefs extends ModelInput::TypeModelCsv {
override predicate row(string row) {
row =
[
"testlib.~HasThisFlow;testlib;Member[typevar]",
"testlib.~HasThisFlow;testlib.~HasThisFlow;Member[left,right,x]",
]
}
}
class Sinks extends ModelInput::SinkModelCsv {
override predicate row(string row) {
// type;path;kind
row =
[
"testlib;Member[mySink].Argument[0];test-sink",
"testlib;Member[mySinkIfCall].Call.Argument[0];test-sink",
"testlib;Member[mySinkIfNew].NewCall.Argument[0];test-sink",
"testlib;Member[mySinkLast].Argument[N-1];test-sink",
"testlib;Member[mySinkSecondLast].Argument[N-2];test-sink",
"testlib;Member[mySinkTwoLast].Argument[N-1,N-2];test-sink",
"testlib;Member[mySinkTwoLastRange].Argument[N-2..N-1];test-sink",
"testlib;Member[mySinkExceptLast].Argument[0..N-2];test-sink",
"testlib;Member[mySinkIfArityTwo].WithArity[2].Argument[0];test-sink",
"testlib;Member[sink1, sink2, sink3 ].Argument[0];test-sink",
"testlib;Member[ClassDecorator].DecoratedClass.Instance.Member[returnValueIsSink].ReturnValue;test-sink",
"testlib;Member[FieldDecoratorSink].DecoratedMember;test-sink",
"testlib;Member[MethodDecorator].DecoratedMember.ReturnValue;test-sink",
"testlib;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue;test-sink",
"testlib;Member[ParamDecoratorSink].DecoratedParameter;test-sink",
"testlib;AnyMember.Member[memberSink].Argument[0];test-sink",
"testlib;Member[overloadedSink].WithStringArgument[0=danger].Argument[1];test-sink",
"testlib;Member[typevar].TypeVar[ABC].Member[mySink].Argument[0];test-sink",
"testlib;Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1];test-sink",
"testlib;Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0];test-sink",
"testlib;Fuzzy.Member[fuzzyCall].Argument[0];test-sink"
]
}
}
class TypeVars extends ModelInput::TypeVariableModelCsv {
override predicate row(string row) {
row =
[
"ABC;Member[a].Member[b].WithArity[0].ReturnValue.Member[c]", //
"LeftRight;Member[left].TypeVar[LeftRight].Member[right]", //
"LeftRight;Member[x]",
]
}
}
class Sources extends ModelInput::SourceModelCsv {
override predicate row(string row) {
row =
[
"testlib;Member[getSource].ReturnValue;test-source",
"testlib;Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0];test-source",
"testlib;Member[FieldDecoratorSource].DecoratedMember;test-source",
"testlib;Member[ParamDecoratorSource].DecoratedParameter;test-source",
"testlib;Member[MethodDecorator].DecoratedMember.Parameter[0];test-source",
"testlib;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0];test-source",
]
}
}
module TestConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.(DataFlow::CallNode).getCalleeName() = "source"
@@ -124,24 +42,6 @@ query predicate isSink(DataFlow::Node node, string kind) {
node = ModelOutput::getASinkNode(kind).asSink()
}
class SyntaxErrorTest extends ModelInput::SinkModelCsv {
override predicate row(string row) {
row =
[
"testlib;Member[foo],Member[bar];test-sink", //
"testlib;Member[foo] Member[bar];test-sink", //
"testlib;Member[foo]. Member[bar];test-sink", //
"testlib;Member[foo], Member[bar];test-sink", //
"testlib;Member[foo]..Member[bar];test-sink", //
"testlib;Member[foo] .Member[bar];test-sink", //
"testlib;Member[foo]Member[bar];test-sink", //
"testlib;Member[foo;test-sink", //
"testlib;Member[foo]];test-sink", //
"testlib;Member[foo]].Member[bar];test-sink"
]
}
}
query predicate syntaxErrors(ApiGraphModels::AccessPath path) { path.hasSyntaxError() }
query predicate warning = ModelOutput::getAWarning/0;

2
javascript/ql/test/library-tests/frameworks/data/warnings.expected
View File

@@ -1,5 +1,3 @@
| CSV type row should have 3 columns but has 1: test.TooFewColumns |
| CSV type row should have 3 columns but has 6: test.TooManyColumns;;Member[Foo].Instance;too;many;columns |
| Invalid argument '0-1' in token 'Argument[0-1]' in access path: Method[foo].Argument[0-1] |
| Invalid argument '*' in token 'Argument[*]' in access path: Method[foo].Argument[*] |
| Invalid token 'Argument' is missing its arguments, in access path: Method[foo].Argument |

10
javascript/ql/test/library-tests/frameworks/data/warnings.ext.yml Normal file
View File

@@ -0,0 +1,10 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ['test.X', 'test.Y', 'Method[foo].Arg[0]']
- ['test.X', 'test.Y', 'Method[foo].Argument[0-1]']
- ['test.X', 'test.Y', 'Method[foo].Argument[*]']
- ['test.X', 'test.Y', 'Method[foo].Argument']
- ['test.X', 'test.Y', 'Method[foo].Member']

15
javascript/ql/test/library-tests/frameworks/data/warnings.ql
View File

@@ -1,21 +1,6 @@
import javascript
import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels
private class InvalidTypeModel extends ModelInput::TypeModelCsv {
override predicate row(string row) {
row =
[
"test.TooManyColumns;;Member[Foo].Instance;too;many;columns", //
"test.TooFewColumns", //
"test.X;test.Y;Method[foo].Arg[0]", //
"test.X;test.Y;Method[foo].Argument[0-1]", //
"test.X;test.Y;Method[foo].Argument[*]", //
"test.X;test.Y;Method[foo].Argument", //
"test.X;test.Y;Method[foo].Member", //
]
}
}
class IsTesting extends ApiGraphModels::TestAllModels {
IsTesting() { this = this }
}

8
javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.expected
View File

@@ -11,7 +11,7 @@
| UnknownDirective.js:12:5:12:17 | "use struct;" | Unknown directive: 'use struct;'. |
| UnknownDirective.js:13:5:13:17 | "Use Strict"; | Unknown directive: 'Use Strict'. |
| UnknownDirective.js:14:5:14:14 | "use bar"; | Unknown directive: 'use bar'. |
| UnknownDirective.js:38:5:38:17 | "[0, 0, 0];"; | Unknown directive: '[0, 0, 0];'. |
| UnknownDirective.js:39:5:39:65 | "[0, 0, ... , 0];"; | Unknown directive: '[0, 0, 0, 0, 0, 0, 0 ... (truncated)'. |
| UnknownDirective.js:45:5:45:15 | ":nomunge"; | Unknown directive: ':nomunge'. |
| UnknownDirective.js:46:5:46:30 | "foo(), ... munge"; | Unknown directive: 'foo(), bar, baz:nomu ... (truncated)'. |
| UnknownDirective.js:40:5:40:17 | "[0, 0, 0];"; | Unknown directive: '[0, 0, 0];'. |
| UnknownDirective.js:41:5:41:65 | "[0, 0, ... , 0];"; | Unknown directive: '[0, 0, 0, 0, 0, 0, 0 ... (truncated)'. |
| UnknownDirective.js:47:5:47:15 | ":nomunge"; | Unknown directive: ':nomunge'. |
| UnknownDirective.js:48:5:48:30 | "foo(), ... munge"; | Unknown directive: 'foo(), bar, baz:nomu ... (truncated)'. |

6
javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.js
View File

@@ -32,6 +32,8 @@ function good() {
"ngNoInject"; // OK
"deps foo"; // OK
"deps bar"; // OK
"use server"; // OK
"use client"; // OK
}
function data() {
@@ -46,6 +48,6 @@ function yui() {
"foo(), bar, baz:nomunge"; // NOT OK
}
function babel_typeof(obj) {
function babel_typeof(obj) {
"@babel/helpers - typeof"
}
}

622
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
View File

@@ -1,304 +1,484 @@
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url |
| etherpad.js:9:5:9:53 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:11:12:11:19 | response |
| etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil |
| live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted |
| live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x |
| partial.js:10:14:10:14 | x |
| partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url |
| partial.js:13:42:13:48 | req.url |
| partial.js:18:25:18:25 | x |
| partial.js:19:14:19:14 | x |
| partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url |
| partial.js:22:51:22:57 | req.url |
| partial.js:27:25:27:25 | x |
| partial.js:28:14:28:14 | x |
| partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url |
| partial.js:31:47:31:53 | req.url |
| partial.js:36:25:36:25 | x |
| partial.js:37:14:37:14 | x |
| partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url |
| partial.js:40:43:40:49 | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:7:12:7:12 | p |
| tst2.js:7:12:7:12 | p |
| tst2.js:8:12:8:12 | r |
| tst2.js:8:12:8:12 | r |
| tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:30:7:30:24 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:33:11:33:11 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:49:36:49:36 | p |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:60:11:60:11 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:72:11:72:11 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:85:11:85:11 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:89:12:89:18 | other.p |
| tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:11:9:11:74 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:12:12:12:15 | code |
| tst3.js:12:12:12:15 | code |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts |
| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') |
| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts |
| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] |
| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] |
| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] |
| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] |
| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] |
| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] |
| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] |
| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] |
| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] |
| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] |
| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] |
| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] |
| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] |
| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] |
| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] |
| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] |
| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] |
| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] |
| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] |
| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] |
| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] |
| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] |
| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id |
| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body |
| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) |
| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable |
| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:39:64:42 | file | semmle.label | file |
| ReflectedXss.js:65:16:65:19 | file | semmle.label | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:34:74:34 | f | semmle.label | f |
| ReflectedXss.js:75:14:75:14 | f | semmle.label | f |
| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body |
| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts |
| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts |
| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) |
| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts |
| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') |
| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url |
| etherpad.js:9:5:9:53 | response | semmle.label | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp |
| etherpad.js:11:12:11:19 | response | semmle.label | response |
| formatting.js:4:9:4:29 | evil | semmle.label | evil |
| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | semmle.label | evil |
| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) |
| formatting.js:7:49:7:52 | evil | semmle.label | evil |
| live-server.js:4:11:4:27 | tainted | semmle.label | tainted |
| live-server.js:4:21:4:27 | req.url | semmle.label | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | semmle.label | tainted |
| live-server.js:10:11:10:27 | tainted | semmle.label | tainted |
| live-server.js:10:21:10:27 | req.url | semmle.label | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | semmle.label | tainted |
| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url |
| partial.js:9:25:9:25 | x | semmle.label | x |
| partial.js:10:14:10:14 | x | semmle.label | x |
| partial.js:10:14:10:18 | x + y | semmle.label | x + y |
| partial.js:13:42:13:48 | req.url | semmle.label | req.url |
| partial.js:18:25:18:25 | x | semmle.label | x |
| partial.js:19:14:19:14 | x | semmle.label | x |
| partial.js:19:14:19:18 | x + y | semmle.label | x + y |
| partial.js:22:51:22:57 | req.url | semmle.label | req.url |
| partial.js:27:25:27:25 | x | semmle.label | x |
| partial.js:28:14:28:14 | x | semmle.label | x |
| partial.js:28:14:28:18 | x + y | semmle.label | x + y |
| partial.js:31:47:31:53 | req.url | semmle.label | req.url |
| partial.js:36:25:36:25 | x | semmle.label | x |
| partial.js:37:14:37:14 | x | semmle.label | x |
| partial.js:37:14:37:18 | x + y | semmle.label | x + y |
| partial.js:40:43:40:49 | req.url | semmle.label | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... .data)) [PromiseValue] |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] |
| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data |
| promises.js:6:11:6:11 | x | semmle.label | x |
| promises.js:6:25:6:25 | x | semmle.label | x |
| tst2.js:6:7:6:30 | p | semmle.label | p |
| tst2.js:6:7:6:30 | r | semmle.label | r |
| tst2.js:6:9:6:9 | p | semmle.label | p |
| tst2.js:6:12:6:15 | q: r | semmle.label | q: r |
| tst2.js:7:12:7:12 | p | semmle.label | p |
| tst2.js:8:12:8:12 | r | semmle.label | r |
| tst2.js:14:7:14:24 | p | semmle.label | p |
| tst2.js:14:9:14:9 | p | semmle.label | p |
| tst2.js:18:12:18:12 | p | semmle.label | p |
| tst2.js:21:14:21:14 | p | semmle.label | p |
| tst2.js:30:7:30:24 | p | semmle.label | p |
| tst2.js:30:9:30:9 | p | semmle.label | p |
| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:33:11:33:11 | p | semmle.label | p |
| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] |
| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] |
| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] |
| tst2.js:36:12:36:12 | p | semmle.label | p |
| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] |
| tst2.js:37:12:37:18 | other.p | semmle.label | other.p |
| tst2.js:43:7:43:24 | p | semmle.label | p |
| tst2.js:43:9:43:9 | p | semmle.label | p |
| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... true}) |
| tst2.js:49:36:49:36 | p | semmle.label | p |
| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe |
| tst2.js:57:7:57:24 | p | semmle.label | p |
| tst2.js:57:9:57:9 | p | semmle.label | p |
| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:60:11:60:11 | p | semmle.label | p |
| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] |
| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] |
| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] |
| tst2.js:63:12:63:12 | p | semmle.label | p |
| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] |
| tst2.js:64:12:64:18 | other.p | semmle.label | other.p |
| tst2.js:69:7:69:24 | p | semmle.label | p |
| tst2.js:69:9:69:9 | p | semmle.label | p |
| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:72:11:72:11 | p | semmle.label | p |
| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... e(obj)) [p] |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] |
| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] |
| tst2.js:75:12:75:12 | p | semmle.label | p |
| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] |
| tst2.js:76:12:76:18 | other.p | semmle.label | other.p |
| tst2.js:82:7:82:24 | p | semmle.label | p |
| tst2.js:82:9:82:9 | p | semmle.label | p |
| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:85:11:85:11 | p | semmle.label | p |
| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] |
| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] |
| tst2.js:88:12:88:12 | p | semmle.label | p |
| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] |
| tst2.js:89:12:89:18 | other.p | semmle.label | other.p |
| tst3.js:5:7:5:24 | p | semmle.label | p |
| tst3.js:5:9:5:9 | p | semmle.label | p |
| tst3.js:6:12:6:12 | p | semmle.label | p |
| tst3.js:11:9:11:74 | code | semmle.label | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body |
| tst3.js:12:12:12:15 | code | semmle.label | code |
subpaths
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
#select
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
@@ -321,6 +501,8 @@ subpaths
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:114:13:114:27 | keys: queryKeys | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | user-provided value |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |

14
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js
View File

@@ -109,3 +109,17 @@ hapi.route({
handler: function (request){
return request.query.p; // NOT OK
}});
app.get("invalid/keys/:id", async (req, res) => {
const { keys: queryKeys } = req.query;
const paramKeys = req.params;
const keys = queryKeys || paramKeys?.keys;
const keyArray = typeof keys === 'string' ? [keys] : keys;
const invalidKeys = keyArray.filter(key => !whitelist.includes(key));
if (invalidKeys.length) {
res.status(400).send(`${invalidKeys.join(', ')} not in whitelist`);
return;
}
});

2
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected
View File

@@ -19,6 +19,8 @@
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
| ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:114:13:114:27 | keys: queryKeys | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | user-provided value |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |

7
javascript/ql/test/testUtilities/internal/InlineExpectationsTestImpl.qll
View File

@@ -4,8 +4,13 @@ private import codeql.util.test.InlineExpectationsTest
module Impl implements InlineExpectationsTestSig {
private import javascript
class ExpectationComment extends LineComment {
final private class LineCommentFinal = LineComment;
class ExpectationComment extends LineCommentFinal {
string getContents() { result = this.getText() }
/** Gets this element's location. */
Location getLocation() { result = super.getLocation() }
}
class Location = JS::Location;