hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port PolynomialReDoS

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:26:50 +02:00
parent b8847dbc5d
commit c55300d4b0
4 changed files with 444 additions and 324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll
View File

@@ -46,6 +46,21 @@ module PolynomialReDoS {
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* A barrier guard for polynomial regular expression denial-of-service attacks.
*/
abstract class BarrierGuard extends DataFlow::Node {
/**
* Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`.
*/
predicate blocksExpr(boolean outcome, Expr e) { none() }
}
/** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */
abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode {
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
}
/**
* A remote input to a server, seen as a source for polynomial
* regular expression denial-of-service vulnerabilities.
@@ -118,7 +133,7 @@ module PolynomialReDoS {
/**
* An check on the length of a string, seen as a sanitizer guard.
*/
class LengthGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
class LengthGuard extends BarrierGuardLegacy, DataFlow::ValueNode {
DataFlow::Node input;
boolean polarity;
@@ -133,7 +148,7 @@ module PolynomialReDoS {
)
}
override predicate sanitizes(boolean outcome, Expr e) {
override predicate blocksExpr(boolean outcome, Expr e) {
outcome = polarity and
e = input.asExpr()
}

26
javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll
View File

@@ -11,7 +11,31 @@ import javascript
import PolynomialReDoSCustomizations::PolynomialReDoS
/** A taint-tracking configuration for reasoning about polynomial regular expression denial-of-service attacks. */
class Configuration extends TaintTracking::Configuration {
module PolynomialReDoSConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) {
node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard<BarrierGuard>::getABarrierNode()
}
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
none()
// TODO: localFieldStep is too expensive with dataflow2
// DataFlow::localFieldStep(pred, succ)
}
}
/** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */
module PolynomialReDoSFlow = TaintTracking::Global<PolynomialReDoSConfig>;
/**
* DEPRECATED. Use the `PolynomialReDoSFlow` module instead.
*/
deprecated class Configuration extends TaintTracking::Configuration {
Configuration() { this = "PolynomialReDoS" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }

6
javascript/ql/src/Performance/PolynomialReDoS.ql
View File

@@ -15,13 +15,13 @@
import javascript
import semmle.javascript.security.regexp.PolynomialReDoSQuery
import DataFlow::PathGraph
import PolynomialReDoSFlow::PathGraph
from
Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode,
PolynomialReDoSFlow::PathNode source, PolynomialReDoSFlow::PathNode sink, Sink sinkNode,
PolynomialBackTrackingTerm regexp
where
cfg.hasFlowPath(source, sink) and
PolynomialReDoSFlow::flowPath(source, sink) and
sinkNode = sink.getNode() and
regexp = sinkNode.getRegExp() and
not (

717
javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected
View File

@@ -1,341 +1,32 @@
nodes
| lib/closure.js:3:21:3:21 | x |
| lib/closure.js:3:21:3:21 | x |
| lib/closure.js:4:16:4:16 | x |
| lib/closure.js:4:16:4:16 | x |
| lib/indirect.js:1:32:1:32 | x |
| lib/indirect.js:1:32:1:32 | x |
| lib/indirect.js:2:16:2:16 | x |
| lib/indirect.js:2:16:2:16 | x |
| lib/lib.js:3:28:3:31 | name |
| lib/lib.js:3:28:3:31 | name |
| lib/lib.js:4:14:4:17 | name |
| lib/lib.js:4:14:4:17 | name |
| lib/lib.js:7:19:7:22 | name |
| lib/lib.js:7:19:7:22 | name |
| lib/lib.js:8:13:8:16 | name |
| lib/lib.js:8:13:8:16 | name |
| lib/lib.js:21:14:21:14 | x |
| lib/lib.js:21:14:21:14 | x |
| lib/lib.js:22:9:22:9 | x |
| lib/lib.js:27:6:27:19 | y |
| lib/lib.js:27:10:27:19 | id("safe") |
| lib/lib.js:28:13:28:13 | y |
| lib/lib.js:28:13:28:13 | y |
| lib/lib.js:32:32:32:40 | arguments |
| lib/lib.js:32:32:32:40 | arguments |
| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments |
| lib/lib.js:35:28:35:31 | name |
| lib/lib.js:36:13:36:16 | name |
| lib/lib.js:36:13:36:16 | name |
| lib/lib.js:41:32:41:35 | name |
| lib/lib.js:41:32:41:35 | name |
| lib/lib.js:42:17:42:20 | name |
| lib/lib.js:42:17:42:20 | name |
| lib/lib.js:44:5:44:25 | name |
| lib/lib.js:44:12:44:15 | name |
| lib/lib.js:44:12:44:25 | name.substr(1) |
| lib/lib.js:45:17:45:20 | name |
| lib/lib.js:45:17:45:20 | name |
| lib/lib.js:52:22:52:25 | name |
| lib/lib.js:52:22:52:25 | name |
| lib/lib.js:53:16:53:19 | name |
| lib/lib.js:53:16:53:19 | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name |
| lib/moduleLib/moduleLib.js:2:13:2:16 | name |
| lib/moduleLib/moduleLib.js:2:13:2:16 | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name |
| lib/otherLib/js/src/index.js:2:13:2:16 | name |
| lib/otherLib/js/src/index.js:2:13:2:16 | name |
| lib/snapdragon.js:3:34:3:38 | input |
| lib/snapdragon.js:3:34:3:38 | input |
| lib/snapdragon.js:7:15:7:18 | this |
| lib/snapdragon.js:7:15:7:18 | this |
| lib/snapdragon.js:9:12:9:16 | input |
| lib/snapdragon.js:12:34:12:38 | input |
| lib/snapdragon.js:12:34:12:38 | input |
| lib/snapdragon.js:15:13:15:16 | this |
| lib/snapdragon.js:15:13:15:16 | this |
| lib/snapdragon.js:17:20:17:24 | input |
| lib/snapdragon.js:20:34:20:38 | input |
| lib/snapdragon.js:20:34:20:38 | input |
| lib/snapdragon.js:22:44:22:47 | node |
| lib/snapdragon.js:23:5:23:8 | node |
| lib/snapdragon.js:23:5:23:12 | node.val |
| lib/snapdragon.js:23:5:23:12 | node.val |
| lib/snapdragon.js:25:22:25:26 | input |
| lib/subLib4/factory.js:7:27:7:30 | name |
| lib/subLib4/factory.js:7:27:7:30 | name |
| lib/subLib4/factory.js:8:13:8:16 | name |
| lib/subLib4/factory.js:8:13:8:16 | name |
| lib/subLib5/feature.js:1:28:1:31 | name |
| lib/subLib5/feature.js:1:28:1:31 | name |
| lib/subLib5/feature.js:2:13:2:16 | name |
| lib/subLib5/feature.js:2:13:2:16 | name |
| lib/subLib5/main.js:1:28:1:31 | name |
| lib/subLib5/main.js:1:28:1:31 | name |
| lib/subLib5/main.js:2:13:2:16 | name |
| lib/subLib5/main.js:2:13:2:16 | name |
| lib/subLib5/subclass.js:4:10:4:13 | name |
| lib/subLib5/subclass.js:4:10:4:13 | name |
| lib/subLib5/subclass.js:5:16:5:19 | name |
| lib/subLib5/subclass.js:5:16:5:19 | name |
| lib/subLib6/index.js:1:32:1:35 | name |
| lib/subLib6/index.js:1:32:1:35 | name |
| lib/subLib6/index.js:2:14:2:17 | name |
| lib/subLib6/index.js:2:14:2:17 | name |
| lib/sublib/factory.js:12:26:12:29 | name |
| lib/sublib/factory.js:12:26:12:29 | name |
| lib/sublib/factory.js:13:24:13:27 | name |
| lib/sublib/factory.js:13:24:13:27 | name |
| polynomial-redos.js:5:6:5:32 | tainted |
| polynomial-redos.js:5:16:5:32 | req.query.tainted |
| polynomial-redos.js:5:16:5:32 | req.query.tainted |
| polynomial-redos.js:7:2:7:8 | tainted |
| polynomial-redos.js:7:2:7:8 | tainted |
| polynomial-redos.js:8:2:8:8 | tainted |
| polynomial-redos.js:8:2:8:8 | tainted |
| polynomial-redos.js:9:2:9:8 | tainted |
| polynomial-redos.js:9:2:9:8 | tainted |
| polynomial-redos.js:11:2:11:8 | tainted |
| polynomial-redos.js:11:2:11:8 | tainted |
| polynomial-redos.js:12:2:12:8 | tainted |
| polynomial-redos.js:12:2:12:8 | tainted |
| polynomial-redos.js:15:2:15:8 | tainted |
| polynomial-redos.js:15:2:15:8 | tainted |
| polynomial-redos.js:16:2:16:8 | tainted |
| polynomial-redos.js:16:2:16:8 | tainted |
| polynomial-redos.js:17:23:17:29 | tainted |
| polynomial-redos.js:17:23:17:29 | tainted |
| polynomial-redos.js:18:2:18:8 | tainted |
| polynomial-redos.js:18:2:18:8 | tainted |
| polynomial-redos.js:19:2:19:8 | tainted |
| polynomial-redos.js:19:2:19:8 | tainted |
| polynomial-redos.js:20:2:20:8 | tainted |
| polynomial-redos.js:20:2:20:8 | tainted |
| polynomial-redos.js:25:2:25:8 | tainted |
| polynomial-redos.js:25:2:25:8 | tainted |
| polynomial-redos.js:30:2:30:8 | tainted |
| polynomial-redos.js:30:2:30:8 | tainted |
| polynomial-redos.js:33:2:33:8 | tainted |
| polynomial-redos.js:33:2:33:8 | tainted |
| polynomial-redos.js:36:2:36:8 | tainted |
| polynomial-redos.js:36:2:36:8 | tainted |
| polynomial-redos.js:37:2:37:8 | tainted |
| polynomial-redos.js:37:2:37:8 | tainted |
| polynomial-redos.js:38:2:38:8 | tainted |
| polynomial-redos.js:38:2:38:8 | tainted |
| polynomial-redos.js:40:2:40:8 | tainted |
| polynomial-redos.js:40:2:40:8 | tainted |
| polynomial-redos.js:43:2:43:8 | tainted |
| polynomial-redos.js:43:2:43:8 | tainted |
| polynomial-redos.js:48:2:48:8 | tainted |
| polynomial-redos.js:48:2:48:8 | tainted |
| polynomial-redos.js:50:14:50:20 | tainted |
| polynomial-redos.js:50:14:50:20 | tainted |
| polynomial-redos.js:51:26:51:32 | tainted |
| polynomial-redos.js:51:26:51:32 | tainted |
| polynomial-redos.js:52:22:52:28 | tainted |
| polynomial-redos.js:52:22:52:28 | tainted |
| polynomial-redos.js:53:21:53:27 | tainted |
| polynomial-redos.js:53:21:53:27 | tainted |
| polynomial-redos.js:54:22:54:28 | tainted |
| polynomial-redos.js:54:22:54:28 | tainted |
| polynomial-redos.js:55:23:55:29 | tainted |
| polynomial-redos.js:55:23:55:29 | tainted |
| polynomial-redos.js:56:22:56:28 | tainted |
| polynomial-redos.js:56:22:56:28 | tainted |
| polynomial-redos.js:57:25:57:31 | tainted |
| polynomial-redos.js:57:25:57:31 | tainted |
| polynomial-redos.js:58:21:58:27 | tainted |
| polynomial-redos.js:58:21:58:27 | tainted |
| polynomial-redos.js:59:23:59:29 | tainted |
| polynomial-redos.js:59:23:59:29 | tainted |
| polynomial-redos.js:62:17:62:23 | tainted |
| polynomial-redos.js:62:17:62:23 | tainted |
| polynomial-redos.js:63:21:63:27 | tainted |
| polynomial-redos.js:63:21:63:27 | tainted |
| polynomial-redos.js:64:24:64:30 | tainted |
| polynomial-redos.js:64:24:64:30 | tainted |
| polynomial-redos.js:65:24:65:30 | tainted |
| polynomial-redos.js:65:24:65:30 | tainted |
| polynomial-redos.js:66:19:66:25 | tainted |
| polynomial-redos.js:66:19:66:25 | tainted |
| polynomial-redos.js:67:18:67:24 | tainted |
| polynomial-redos.js:67:18:67:24 | tainted |
| polynomial-redos.js:68:18:68:24 | req.url |
| polynomial-redos.js:68:18:68:24 | req.url |
| polynomial-redos.js:68:18:68:24 | req.url |
| polynomial-redos.js:69:18:69:25 | req.body |
| polynomial-redos.js:69:18:69:25 | req.body |
| polynomial-redos.js:69:18:69:25 | req.body |
| polynomial-redos.js:71:2:71:8 | tainted |
| polynomial-redos.js:71:2:71:8 | tainted |
| polynomial-redos.js:73:2:73:8 | tainted |
| polynomial-redos.js:73:2:73:8 | tainted |
| polynomial-redos.js:75:2:75:8 | tainted |
| polynomial-redos.js:75:2:75:8 | tainted |
| polynomial-redos.js:77:2:77:8 | tainted |
| polynomial-redos.js:77:2:77:8 | tainted |
| polynomial-redos.js:80:2:80:8 | tainted |
| polynomial-redos.js:80:2:80:8 | tainted |
| polynomial-redos.js:81:2:81:8 | tainted |
| polynomial-redos.js:81:2:81:8 | tainted |
| polynomial-redos.js:86:2:86:8 | tainted |
| polynomial-redos.js:86:2:86:8 | tainted |
| polynomial-redos.js:88:2:88:8 | tainted |
| polynomial-redos.js:88:2:88:8 | tainted |
| polynomial-redos.js:89:2:89:8 | tainted |
| polynomial-redos.js:89:2:89:8 | tainted |
| polynomial-redos.js:90:2:90:8 | tainted |
| polynomial-redos.js:90:2:90:8 | tainted |
| polynomial-redos.js:94:2:94:8 | tainted |
| polynomial-redos.js:94:2:94:8 | tainted |
| polynomial-redos.js:95:2:95:8 | tainted |
| polynomial-redos.js:95:2:95:8 | tainted |
| polynomial-redos.js:96:2:96:8 | tainted |
| polynomial-redos.js:96:2:96:8 | tainted |
| polynomial-redos.js:98:2:98:8 | tainted |
| polynomial-redos.js:98:2:98:8 | tainted |
| polynomial-redos.js:100:2:100:8 | tainted |
| polynomial-redos.js:100:2:100:8 | tainted |
| polynomial-redos.js:101:2:101:8 | tainted |
| polynomial-redos.js:101:2:101:8 | tainted |
| polynomial-redos.js:102:2:102:8 | tainted |
| polynomial-redos.js:102:2:102:8 | tainted |
| polynomial-redos.js:103:2:103:8 | tainted |
| polynomial-redos.js:103:2:103:8 | tainted |
| polynomial-redos.js:104:2:104:8 | tainted |
| polynomial-redos.js:104:2:104:8 | tainted |
| polynomial-redos.js:107:2:107:8 | tainted |
| polynomial-redos.js:107:2:107:8 | tainted |
| polynomial-redos.js:108:2:108:8 | tainted |
| polynomial-redos.js:108:2:108:8 | tainted |
| polynomial-redos.js:109:2:109:8 | tainted |
| polynomial-redos.js:109:2:109:8 | tainted |
| polynomial-redos.js:111:2:111:8 | tainted |
| polynomial-redos.js:111:2:111:8 | tainted |
| polynomial-redos.js:112:2:112:8 | tainted |
| polynomial-redos.js:112:2:112:8 | tainted |
| polynomial-redos.js:114:2:114:8 | tainted |
| polynomial-redos.js:114:2:114:8 | tainted |
| polynomial-redos.js:116:2:116:8 | tainted |
| polynomial-redos.js:116:2:116:8 | tainted |
| polynomial-redos.js:118:2:118:8 | tainted |
| polynomial-redos.js:118:2:118:8 | tainted |
| polynomial-redos.js:121:7:121:55 | replaced |
| polynomial-redos.js:121:18:121:24 | tainted |
| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') |
| polynomial-redos.js:123:3:123:20 | result |
| polynomial-redos.js:123:13:123:20 | replaced |
| polynomial-redos.js:124:12:124:17 | result |
| polynomial-redos.js:124:12:124:17 | result |
| polynomial-redos.js:129:6:129:42 | modified |
| polynomial-redos.js:129:17:129:23 | tainted |
| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") |
| polynomial-redos.js:130:2:130:9 | modified |
| polynomial-redos.js:130:2:130:9 | modified |
| polynomial-redos.js:132:6:132:50 | modified2 |
| polynomial-redos.js:132:18:132:24 | tainted |
| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") |
| polynomial-redos.js:133:2:133:10 | modified2 |
| polynomial-redos.js:133:2:133:10 | modified2 |
| polynomial-redos.js:135:9:135:47 | modified3 |
| polynomial-redos.js:135:21:135:27 | tainted |
| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") |
| polynomial-redos.js:136:5:136:13 | modified3 |
| polynomial-redos.js:136:5:136:13 | modified3 |
| polynomial-redos.js:138:5:138:11 | tainted |
| polynomial-redos.js:138:5:138:11 | tainted |
edges
| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x |
| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x |
| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x |
| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x |
| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x |
| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x |
| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x |
| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name |
| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name |
| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name |
| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name |
| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name |
| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x |
| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x |
| lib/lib.js:22:9:22:9 | x | lib/lib.js:27:10:27:19 | id("safe") |
| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y |
| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y |
| lib/lib.js:27:10:27:19 | id("safe") | lib/lib.js:27:6:27:19 | y |
| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments |
| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments |
| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name |
| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name |
| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name |
| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name |
| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name |
| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) |
| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name |
| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name |
| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name |
| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name |
| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name |
| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input |
| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input |
| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this |
| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this |
| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input |
| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input |
| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this |
| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this |
| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input |
| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input |
| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node |
| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val |
| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val |
| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node |
| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name |
| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name |
| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name |
| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name |
| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name |
| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name |
| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name |
| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name |
| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name |
| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name |
| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name |
| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name |
| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name |
| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name |
| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name |
| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name |
| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name |
| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name |
| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name |
| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name |
| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name |
| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name |
| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name |
| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted |
@@ -343,10 +34,13 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:10:2:10:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:13:2:13:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:14:2:14:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted |
@@ -359,12 +53,19 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:21:6:21:12 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:26:2:26:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:27:77:27:83 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:28:76:28:82 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:31:2:31:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:32:2:32:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:34:2:34:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted |
@@ -373,8 +74,12 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:41:2:41:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:44:2:44:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:46:2:46:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:47:2:47:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted |
@@ -397,6 +102,8 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:60:17:60:23 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:61:18:61:24 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted |
@@ -421,6 +128,9 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:82:2:82:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:83:2:83:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:84:2:84:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted |
@@ -429,6 +139,8 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:91:2:91:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:92:2:92:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted |
@@ -447,6 +159,7 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:105:2:105:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted |
@@ -463,34 +176,402 @@ edges
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:121:18:121:24 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:127:2:127:8 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted |
| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted |
| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted |
| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted |
| polynomial-redos.js:68:18:68:24 | req.url | polynomial-redos.js:68:18:68:24 | req.url |
| polynomial-redos.js:69:18:69:25 | req.body | polynomial-redos.js:69:18:69:25 | req.body |
| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted |
| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted |
| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted |
| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted |
| polynomial-redos.js:9:2:9:8 | tainted | polynomial-redos.js:10:2:10:8 | tainted |
| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted |
| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted |
| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted |
| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted |
| polynomial-redos.js:12:2:12:8 | tainted | polynomial-redos.js:13:2:13:8 | tainted |
| polynomial-redos.js:13:2:13:8 | tainted | polynomial-redos.js:14:2:14:8 | tainted |
| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted |
| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted |
| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted |
| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted |
| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted |
| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted |
| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted |
| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted |
| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted |
| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted |
| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted |
| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted |
| polynomial-redos.js:20:2:20:8 | tainted | polynomial-redos.js:21:6:21:12 | tainted |
| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted |
| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted |
| polynomial-redos.js:25:2:25:8 | tainted | polynomial-redos.js:26:2:26:8 | tainted |
| polynomial-redos.js:26:2:26:8 | tainted | polynomial-redos.js:27:77:27:83 | tainted |
| polynomial-redos.js:27:77:27:83 | tainted | polynomial-redos.js:28:76:28:82 | tainted |
| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted |
| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted |
| polynomial-redos.js:30:2:30:8 | tainted | polynomial-redos.js:31:2:31:8 | tainted |
| polynomial-redos.js:31:2:31:8 | tainted | polynomial-redos.js:32:2:32:8 | tainted |
| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted |
| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted |
| polynomial-redos.js:33:2:33:8 | tainted | polynomial-redos.js:34:2:34:8 | tainted |
| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted |
| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted |
| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted |
| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted |
| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted |
| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted |
| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted |
| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted |
| polynomial-redos.js:40:2:40:8 | tainted | polynomial-redos.js:41:2:41:8 | tainted |
| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted |
| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted |
| polynomial-redos.js:43:2:43:8 | tainted | polynomial-redos.js:44:2:44:8 | tainted |
| polynomial-redos.js:44:2:44:8 | tainted | polynomial-redos.js:46:2:46:8 | tainted |
| polynomial-redos.js:46:2:46:8 | tainted | polynomial-redos.js:47:2:47:8 | tainted |
| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted |
| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted |
| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted |
| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted |
| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted |
| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted |
| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted |
| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted |
| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted |
| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted |
| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted |
| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted |
| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted |
| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted |
| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted |
| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted |
| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted |
| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted |
| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted |
| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted |
| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted |
| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted |
| polynomial-redos.js:59:23:59:29 | tainted | polynomial-redos.js:60:17:60:23 | tainted |
| polynomial-redos.js:60:17:60:23 | tainted | polynomial-redos.js:61:18:61:24 | tainted |
| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted |
| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted |
| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted |
| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted |
| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted |
| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted |
| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted |
| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted |
| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted |
| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted |
| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted |
| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted |
| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted |
| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted |
| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted |
| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted |
| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted |
| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted |
| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted |
| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted |
| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted |
| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted |
| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted |
| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted |
| polynomial-redos.js:81:2:81:8 | tainted | polynomial-redos.js:82:2:82:8 | tainted |
| polynomial-redos.js:82:2:82:8 | tainted | polynomial-redos.js:83:2:83:8 | tainted |
| polynomial-redos.js:83:2:83:8 | tainted | polynomial-redos.js:84:2:84:8 | tainted |
| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted |
| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted |
| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted |
| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted |
| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted |
| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted |
| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted |
| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted |
| polynomial-redos.js:90:2:90:8 | tainted | polynomial-redos.js:91:2:91:8 | tainted |
| polynomial-redos.js:91:2:91:8 | tainted | polynomial-redos.js:92:2:92:8 | tainted |
| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted |
| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted |
| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted |
| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted |
| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted |
| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted |
| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted |
| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted |
| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted |
| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted |
| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted |
| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted |
| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted |
| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted |
| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted |
| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted |
| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted |
| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted |
| polynomial-redos.js:104:2:104:8 | tainted | polynomial-redos.js:105:2:105:8 | tainted |
| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted |
| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted |
| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted |
| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted |
| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted |
| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted |
| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted |
| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted |
| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted |
| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted |
| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted |
| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted |
| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted |
| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted |
| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted |
| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted |
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] |
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted |
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted |
| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted |
| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced |
| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') |
| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced |
| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result |
| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result |
| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result |
| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified |
| polynomial-redos.js:127:2:127:8 | tainted | polynomial-redos.js:129:17:129:23 | tainted |
| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified |
| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") |
| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:132:18:132:24 | tainted |
| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified |
| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 |
| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 |
| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") |
| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:135:21:135:27 | tainted |
| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | polynomial-redos.js:132:6:132:50 | modified2 |
| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 |
| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 |
| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") |
| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:138:5:138:11 | tainted |
| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 |
nodes
| lib/closure.js:3:21:3:21 | x | semmle.label | x |
| lib/closure.js:4:16:4:16 | x | semmle.label | x |
| lib/indirect.js:1:32:1:32 | x | semmle.label | x |
| lib/indirect.js:2:16:2:16 | x | semmle.label | x |
| lib/lib.js:3:28:3:31 | name | semmle.label | name |
| lib/lib.js:4:14:4:17 | name | semmle.label | name |
| lib/lib.js:7:19:7:22 | name | semmle.label | name |
| lib/lib.js:8:13:8:16 | name | semmle.label | name |
| lib/lib.js:32:32:32:40 | arguments | semmle.label | arguments |
| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | semmle.label | 'arguments' object of function usedWithArguments |
| lib/lib.js:35:28:35:31 | name | semmle.label | name |
| lib/lib.js:36:13:36:16 | name | semmle.label | name |
| lib/lib.js:41:32:41:35 | name | semmle.label | name |
| lib/lib.js:42:17:42:20 | name | semmle.label | name |
| lib/lib.js:44:5:44:25 | name | semmle.label | name |
| lib/lib.js:44:12:44:15 | name | semmle.label | name |
| lib/lib.js:44:12:44:25 | name.substr(1) | semmle.label | name.substr(1) |
| lib/lib.js:45:17:45:20 | name | semmle.label | name |
| lib/lib.js:52:22:52:25 | name | semmle.label | name |
| lib/lib.js:53:16:53:19 | name | semmle.label | name |
| lib/moduleLib/moduleLib.js:1:28:1:31 | name | semmle.label | name |
| lib/moduleLib/moduleLib.js:2:13:2:16 | name | semmle.label | name |
| lib/otherLib/js/src/index.js:1:28:1:31 | name | semmle.label | name |
| lib/otherLib/js/src/index.js:2:13:2:16 | name | semmle.label | name |
| lib/snapdragon.js:3:34:3:38 | input | semmle.label | input |
| lib/snapdragon.js:7:15:7:18 | this | semmle.label | this |
| lib/snapdragon.js:9:12:9:16 | input | semmle.label | input |
| lib/snapdragon.js:12:34:12:38 | input | semmle.label | input |
| lib/snapdragon.js:15:13:15:16 | this | semmle.label | this |
| lib/snapdragon.js:17:20:17:24 | input | semmle.label | input |
| lib/snapdragon.js:20:34:20:38 | input | semmle.label | input |
| lib/snapdragon.js:22:44:22:47 | node | semmle.label | node |
| lib/snapdragon.js:23:5:23:8 | node | semmle.label | node |
| lib/snapdragon.js:23:5:23:12 | node.val | semmle.label | node.val |
| lib/snapdragon.js:25:22:25:26 | input | semmle.label | input |
| lib/subLib4/factory.js:7:27:7:30 | name | semmle.label | name |
| lib/subLib4/factory.js:8:13:8:16 | name | semmle.label | name |
| lib/subLib5/feature.js:1:28:1:31 | name | semmle.label | name |
| lib/subLib5/feature.js:2:13:2:16 | name | semmle.label | name |
| lib/subLib5/main.js:1:28:1:31 | name | semmle.label | name |
| lib/subLib5/main.js:2:13:2:16 | name | semmle.label | name |
| lib/subLib5/subclass.js:4:10:4:13 | name | semmle.label | name |
| lib/subLib5/subclass.js:5:16:5:19 | name | semmle.label | name |
| lib/subLib6/index.js:1:32:1:35 | name | semmle.label | name |
| lib/subLib6/index.js:2:14:2:17 | name | semmle.label | name |
| lib/sublib/factory.js:12:26:12:29 | name | semmle.label | name |
| lib/sublib/factory.js:13:24:13:27 | name | semmle.label | name |
| polynomial-redos.js:5:6:5:32 | tainted | semmle.label | tainted |
| polynomial-redos.js:5:16:5:32 | req.query.tainted | semmle.label | req.query.tainted |
| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:10:2:10:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:13:2:13:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:14:2:14:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted |
| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted |
| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:21:6:21:12 | tainted | semmle.label | tainted |
| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:26:2:26:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:27:77:27:83 | tainted | semmle.label | tainted |
| polynomial-redos.js:28:76:28:82 | tainted | semmle.label | tainted |
| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:31:2:31:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:32:2:32:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:34:2:34:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:41:2:41:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:44:2:44:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:46:2:46:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:47:2:47:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted |
| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted |
| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted |
| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted |
| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted |
| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted |
| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted |
| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted |
| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted |
| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted |
| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted |
| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted |
| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted |
| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted |
| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted |
| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted |
| polynomial-redos.js:60:17:60:23 | tainted | semmle.label | tainted |
| polynomial-redos.js:61:18:61:24 | tainted | semmle.label | tainted |
| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted |
| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted |
| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted |
| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted |
| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted |
| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted |
| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted |
| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted |
| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted |
| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted |
| polynomial-redos.js:68:18:68:24 | req.url | semmle.label | req.url |
| polynomial-redos.js:69:18:69:25 | req.body | semmle.label | req.body |
| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:82:2:82:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:83:2:83:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:84:2:84:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:91:2:91:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:92:2:92:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:105:2:105:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | semmle.label | (functi ... OK\\n\\t}) [tainted] |
| polynomial-redos.js:121:7:121:55 | replaced | semmle.label | replaced |
| polynomial-redos.js:121:18:121:24 | tainted | semmle.label | tainted |
| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | semmle.label | tainted ... /g, '') |
| polynomial-redos.js:123:3:123:20 | result | semmle.label | result |
| polynomial-redos.js:123:13:123:20 | replaced | semmle.label | replaced |
| polynomial-redos.js:124:12:124:17 | result | semmle.label | result |
| polynomial-redos.js:127:2:127:8 | tainted | semmle.label | tainted |
| polynomial-redos.js:129:6:129:42 | modified | semmle.label | modified |
| polynomial-redos.js:129:17:129:23 | tainted | semmle.label | tainted |
| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | semmle.label | tainted ... g, "b") |
| polynomial-redos.js:130:2:130:9 | modified | semmle.label | modified |
| polynomial-redos.js:132:6:132:50 | modified2 | semmle.label | modified2 |
| polynomial-redos.js:132:18:132:24 | tainted | semmle.label | tainted |
| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | semmle.label | tainted ... g, "e") |
| polynomial-redos.js:133:2:133:10 | modified2 | semmle.label | modified2 |
| polynomial-redos.js:135:9:135:47 | modified3 | semmle.label | modified3 |
| polynomial-redos.js:135:21:135:27 | tainted | semmle.label | tainted |
| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | semmle.label | tainted ... /g, "") |
| polynomial-redos.js:136:5:136:13 | modified3 | semmle.label | modified3 |
| polynomial-redos.js:138:5:138:11 | tainted | semmle.label | tainted |
subpaths
#select
| lib/closure.js:4:5:4:17 | /u*o/.test(x) | lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'u'. | lib/closure.js:4:6:4:7 | u* | regular expression | lib/closure.js:3:21:3:21 | x | library input |
| lib/indirect.js:2:5:2:17 | /k*h/.test(x) | lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'k'. | lib/indirect.js:2:6:2:7 | k* | regular expression | lib/indirect.js:1:32:1:32 | x | library input |