Merge branch 'main' into js/shared-dataflow

This commit is contained in:
Asger F
2024-05-02 19:43:34 +02:00
3600 changed files with 156789 additions and 319781 deletions


@@ -11,7 +11,7 @@
| UnknownDirective.js:12:5:12:17 | "use struct;" | Unknown directive: 'use struct;'. |
| UnknownDirective.js:13:5:13:17 | "Use Strict"; | Unknown directive: 'Use Strict'. |
| UnknownDirective.js:14:5:14:14 | "use bar"; | Unknown directive: 'use bar'. |
| UnknownDirective.js:38:5:38:17 | "[0, 0, 0];"; | Unknown directive: '[0, 0, 0];'. |
| UnknownDirective.js:39:5:39:65 | "[0, 0, ... , 0];"; | Unknown directive: '[0, 0, 0, 0, 0, 0, 0 ... (truncated)'. |
| UnknownDirective.js:45:5:45:15 | ":nomunge"; | Unknown directive: ':nomunge'. |
| UnknownDirective.js:46:5:46:30 | "foo(), ... munge"; | Unknown directive: 'foo(), bar, baz:nomu ... (truncated)'. |
| UnknownDirective.js:40:5:40:17 | "[0, 0, 0];"; | Unknown directive: '[0, 0, 0];'. |
| UnknownDirective.js:41:5:41:65 | "[0, 0, ... , 0];"; | Unknown directive: '[0, 0, 0, 0, 0, 0, 0 ... (truncated)'. |
| UnknownDirective.js:47:5:47:15 | ":nomunge"; | Unknown directive: ':nomunge'. |
| UnknownDirective.js:48:5:48:30 | "foo(), ... munge"; | Unknown directive: 'foo(), bar, baz:nomu ... (truncated)'. |


@@ -32,6 +32,8 @@ function good() {
"ngNoInject"; // OK
"deps foo"; // OK
"deps bar"; // OK
"use server"; // OK
"use client"; // OK
}
function data() {
@@ -46,6 +48,6 @@ function yui() {
"foo(), bar, baz:nomunge"; // NOT OK
}
function babel_typeof(obj) {
function babel_typeof(obj) {
"@babel/helpers - typeof"
}
}
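Review bot: The two new `// OK` entries in good() give no hint why these strings are accepted, unlike the well-known "use strict" case, so a reader auditing the query's allowlist cannot tell whether they were added deliberately; annotate them, e.g. `"use server"; // OK - React Server Components directive (marks a remotely callable server action)` and `"use client"; // OK - React Server Components directive`. As far as I know these directives are primarily file-level markers, with "use server" additionally permitted at the start of a function body, so a module-top-level test case would pin the behaviour the query most often meets, and whether "use client" inside a function body should count as OK is a design choice worth stating in the comment rather than leaving implicit. The function good() begins outside this hunk, and in the second hunk the duplicated `function babel_typeof(obj) {` line reads as a whitespace-only change whose exact content the rendered page does not show.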


@@ -1,304 +1,484 @@
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url |
| etherpad.js:9:5:9:53 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:11:12:11:19 | response |
| etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil |
| live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted |
| live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x |
| partial.js:10:14:10:14 | x |
| partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url |
| partial.js:13:42:13:48 | req.url |
| partial.js:18:25:18:25 | x |
| partial.js:19:14:19:14 | x |
| partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url |
| partial.js:22:51:22:57 | req.url |
| partial.js:27:25:27:25 | x |
| partial.js:28:14:28:14 | x |
| partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url |
| partial.js:31:47:31:53 | req.url |
| partial.js:36:25:36:25 | x |
| partial.js:37:14:37:14 | x |
| partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url |
| partial.js:40:43:40:49 | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:7:12:7:12 | p |
| tst2.js:7:12:7:12 | p |
| tst2.js:8:12:8:12 | r |
| tst2.js:8:12:8:12 | r |
| tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:30:7:30:24 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:33:11:33:11 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:49:36:49:36 | p |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:60:11:60:11 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:72:11:72:11 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:85:11:85:11 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:89:12:89:18 | other.p |
| tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:11:9:11:74 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:12:12:12:15 | code |
| tst3.js:12:12:12:15 | code |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts |
| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') |
| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts |
| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] |
| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] |
| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] |
| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] |
| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] |
| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] |
| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] |
| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] |
| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] |
| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] |
| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] |
| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] |
| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] |
| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] |
| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] |
| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] |
| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] |
| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] |
| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] |
| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] |
| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] |
| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] |
| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id |
| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body |
| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) |
| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable |
| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:39:64:42 | file | semmle.label | file |
| ReflectedXss.js:65:16:65:19 | file | semmle.label | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:34:74:34 | f | semmle.label | f |
| ReflectedXss.js:75:14:75:14 | f | semmle.label | f |
| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body |
| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts |
| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts |
| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) |
| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts |
| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') |
| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url |
| etherpad.js:9:5:9:53 | response | semmle.label | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp |
| etherpad.js:11:12:11:19 | response | semmle.label | response |
| formatting.js:4:9:4:29 | evil | semmle.label | evil |
| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | semmle.label | evil |
| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) |
| formatting.js:7:49:7:52 | evil | semmle.label | evil |
| live-server.js:4:11:4:27 | tainted | semmle.label | tainted |
| live-server.js:4:21:4:27 | req.url | semmle.label | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | semmle.label | tainted |
| live-server.js:10:11:10:27 | tainted | semmle.label | tainted |
| live-server.js:10:21:10:27 | req.url | semmle.label | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | semmle.label | tainted |
| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url |
| partial.js:9:25:9:25 | x | semmle.label | x |
| partial.js:10:14:10:14 | x | semmle.label | x |
| partial.js:10:14:10:18 | x + y | semmle.label | x + y |
| partial.js:13:42:13:48 | req.url | semmle.label | req.url |
| partial.js:18:25:18:25 | x | semmle.label | x |
| partial.js:19:14:19:14 | x | semmle.label | x |
| partial.js:19:14:19:18 | x + y | semmle.label | x + y |
| partial.js:22:51:22:57 | req.url | semmle.label | req.url |
| partial.js:27:25:27:25 | x | semmle.label | x |
| partial.js:28:14:28:14 | x | semmle.label | x |
| partial.js:28:14:28:18 | x + y | semmle.label | x + y |
| partial.js:31:47:31:53 | req.url | semmle.label | req.url |
| partial.js:36:25:36:25 | x | semmle.label | x |
| partial.js:37:14:37:14 | x | semmle.label | x |
| partial.js:37:14:37:18 | x + y | semmle.label | x + y |
| partial.js:40:43:40:49 | req.url | semmle.label | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... .data)) [PromiseValue] |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] |
| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data |
| promises.js:6:11:6:11 | x | semmle.label | x |
| promises.js:6:25:6:25 | x | semmle.label | x |
| tst2.js:6:7:6:30 | p | semmle.label | p |
| tst2.js:6:7:6:30 | r | semmle.label | r |
| tst2.js:6:9:6:9 | p | semmle.label | p |
| tst2.js:6:12:6:15 | q: r | semmle.label | q: r |
| tst2.js:7:12:7:12 | p | semmle.label | p |
| tst2.js:8:12:8:12 | r | semmle.label | r |
| tst2.js:14:7:14:24 | p | semmle.label | p |
| tst2.js:14:9:14:9 | p | semmle.label | p |
| tst2.js:18:12:18:12 | p | semmle.label | p |
| tst2.js:21:14:21:14 | p | semmle.label | p |
| tst2.js:30:7:30:24 | p | semmle.label | p |
| tst2.js:30:9:30:9 | p | semmle.label | p |
| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:33:11:33:11 | p | semmle.label | p |
| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] |
| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] |
| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] |
| tst2.js:36:12:36:12 | p | semmle.label | p |
| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] |
| tst2.js:37:12:37:18 | other.p | semmle.label | other.p |
| tst2.js:43:7:43:24 | p | semmle.label | p |
| tst2.js:43:9:43:9 | p | semmle.label | p |
| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... true}) |
| tst2.js:49:36:49:36 | p | semmle.label | p |
| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe |
| tst2.js:57:7:57:24 | p | semmle.label | p |
| tst2.js:57:9:57:9 | p | semmle.label | p |
| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:60:11:60:11 | p | semmle.label | p |
| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] |
| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] |
| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] |
| tst2.js:63:12:63:12 | p | semmle.label | p |
| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] |
| tst2.js:64:12:64:18 | other.p | semmle.label | other.p |
| tst2.js:69:7:69:24 | p | semmle.label | p |
| tst2.js:69:9:69:9 | p | semmle.label | p |
| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:72:11:72:11 | p | semmle.label | p |
| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... e(obj)) [p] |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] |
| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] |
| tst2.js:75:12:75:12 | p | semmle.label | p |
| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] |
| tst2.js:76:12:76:18 | other.p | semmle.label | other.p |
| tst2.js:82:7:82:24 | p | semmle.label | p |
| tst2.js:82:9:82:9 | p | semmle.label | p |
| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] |
| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:85:11:85:11 | p | semmle.label | p |
| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] |
| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] |
| tst2.js:88:12:88:12 | p | semmle.label | p |
| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] |
| tst2.js:89:12:89:18 | other.p | semmle.label | other.p |
| tst3.js:5:7:5:24 | p | semmle.label | p |
| tst3.js:5:9:5:9 | p | semmle.label | p |
| tst3.js:6:12:6:12 | p | semmle.label | p |
| tst3.js:11:9:11:74 | code | semmle.label | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body |
| tst3.js:12:12:12:15 | code | semmle.label | code |
subpaths
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
#select
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
@@ -321,6 +501,8 @@ subpaths
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:114:13:114:27 | keys: queryKeys | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | user-provided value |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |


@@ -109,3 +109,17 @@ hapi.route({
handler: function (request){
return request.query.p; // NOT OK
}});
app.get("invalid/keys/:id", async (req, res) => {
const { keys: queryKeys } = req.query;
const paramKeys = req.params;
const keys = queryKeys || paramKeys?.keys;
const keyArray = typeof keys === 'string' ? [keys] : keys;
const invalidKeys = keyArray.filter(key => !whitelist.includes(key));
if (invalidKeys.length) {
res.status(400).send(`${invalidKeys.join(', ')} not in whitelist`);
return;
}
});
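Review bot: The sink on the `res.status(400).send(...)` line carries no `// NOT OK` marker, unlike the neighbouring test at `return request.query.p; // NOT OK`, so the intended verdict for this case is only recoverable from the .expected file; annotate that line with `// NOT OK` to match the file's convention. The verdict itself looks right: in Express, `res.send` with a string body defaults to a text/html content type, and the user-supplied keys taken from `req.query` / `req.params` are interpolated into the template literal with no escaping. Two smaller realism issues in the same hunk: the route string `"invalid/keys/:id"` lacks the leading `/` that Express route paths normally start with, and `whitelist` is not declared anywhere in the hunk (presumably defined elsewhere in the file — confirm, or add something like `const whitelist = ["id", "name"];` above the route so the test reads standalone).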


@@ -19,6 +19,8 @@
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
| ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:114:13:114:27 | keys: queryKeys | user-provided value |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | user-provided value |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |