JS: Port ExceptionXss
@@ -126,10 +126,41 @@ private DataFlow::Node getExceptionTarget(DataFlow::Node pred) {
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about XSS with possible exceptional flow.
|
||||
* Flow labels are used to ensure that we only report taint-flow that has been thrown in
|
||||
* Flow states are used to ensure that we only report taint-flow that has been thrown in
|
||||
* an exception.
|
||||
*/
|
||||
class Configuration extends TaintTracking::Configuration {
|
||||
module ExceptionXssConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = DataFlow::FlowLabel;
|
||||
|
||||
predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
|
||||
source.(Source).getAFlowLabel() = label
|
||||
}
|
||||
|
||||
predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
|
||||
sink instanceof XssShared::Sink and not label instanceof NotYetThrown
|
||||
}
|
||||
|
||||
predicate isBarrier(DataFlow::Node node) { node instanceof XssShared::Sanitizer }
|
||||
|
||||
predicate isAdditionalFlowStep(
|
||||
DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl
|
||||
) {
|
||||
inlbl instanceof NotYetThrown and
|
||||
(outlbl.isTaint() or outlbl instanceof NotYetThrown) and
|
||||
canThrowSensitiveInformation(pred) and
|
||||
succ = getExceptionTarget(pred)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Taint-tracking for reasoning about XSS with possible exceptional flow.
|
||||
*/
|
||||
module ExceptionXssFlow = TaintTracking::GlobalWithState<ExceptionXssConfig>;
|
||||
|
||||
/**
|
||||
* DEPRECATED. Use the `ExceptionXssFlow` module instead.
|
||||
*/
|
||||
deprecated class Configuration extends TaintTracking::Configuration {
|
||||
Configuration() { this = "ExceptionXss" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
|
||||
@@ -145,12 +176,10 @@ class Configuration extends TaintTracking::Configuration {
|
||||
override predicate isAdditionalFlowStep(
|
||||
DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
|
||||
) {
|
||||
inlbl instanceof NotYetThrown and
|
||||
(outlbl.isTaint() or outlbl instanceof NotYetThrown) and
|
||||
canThrowSensitiveInformation(pred) and
|
||||
succ = getExceptionTarget(pred)
|
||||
ExceptionXssConfig::isAdditionalFlowStep(pred, inlbl, succ, outlbl)
|
||||
or
|
||||
// All the usual taint-flow steps apply on data-flow before it has been thrown in an exception.
|
||||
// Note: this step is not needed in StateConfigSig module since flow states inherit taint steps.
|
||||
this.isAdditionalFlowStep(pred, succ) and
|
||||
inlbl instanceof NotYetThrown and
|
||||
outlbl instanceof NotYetThrown
|
||||
|
||||
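Review bot: The new `ExceptionXssConfig` module declares `class FlowState = DataFlow::FlowLabel`, yet its `isSource`, `isSink` and `isAdditionalFlowStep` signatures still spell the type as `DataFlow::FlowLabel` and name the parameters `label`, `inlbl` and `outlbl`. That reads as the old label API even though the header comment now speaks of flow states. Writing them against the alias, e.g. `predicate isSink(DataFlow::Node sink, FlowState state) {`, would keep the module consistent with the signature it implements. The sink condition `not label instanceof NotYetThrown` is what restricts alerts to values that have passed through an exception, so it deserves a one-line comment such as `// Only report flow that has been thrown: any state other than NotYetThrown qualifies.` The deprecated `Configuration` class continues outside both hunks, so its remaining overrides are not visible here.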
@@ -14,10 +14,10 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.ExceptionXssQuery
|
||||
import DataFlow::PathGraph
|
||||
import DataFlow::DeduplicatePathGraph<ExceptionXssFlow::PathNode, ExceptionXssFlow::PathGraph>
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
from PathNode source, PathNode sink
|
||||
where ExceptionXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode())
|
||||
select sink.getNode(), source, sink,
|
||||
"$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(),
|
||||
source.getNode().(Source).getDescription()
|
||||
|
||||
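Review bot: The import `DataFlow::DeduplicatePathGraph<ExceptionXssFlow::PathNode, ExceptionXssFlow::PathGraph>` changes which `PathNode` type the `from` clause binds, and nothing in the query explains why the wrapper is needed. A short comment above the import would help, for example `// Merge path nodes that differ only in flow state so each location appears once in the path graph.` That wording is inferred from the expected-output hunks, where the repeated node rows appear to belong to the old side only, so confirm it against the library's own documentation before committing.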
@@ -1,98 +1,85 @@
|
||||
nodes
|
||||
| ajv.js:11:18:11:33 | ajv.errorsText() |
|
||||
| ajv.js:11:18:11:33 | ajv.errorsText() |
|
||||
| ajv.js:11:18:11:33 | ajv.errorsText() |
|
||||
| ajv.js:24:18:24:26 | val.error |
|
||||
| ajv.js:24:18:24:26 | val.error |
|
||||
| ajv.js:24:18:24:26 | val.error |
|
||||
| exception-xss.js:2:6:2:28 | foo |
|
||||
| exception-xss.js:2:12:2:28 | document.location |
|
||||
| exception-xss.js:2:12:2:28 | document.location |
|
||||
| exception-xss.js:9:11:9:13 | foo |
|
||||
| exception-xss.js:10:11:10:11 | e |
|
||||
| exception-xss.js:11:18:11:18 | e |
|
||||
| exception-xss.js:11:18:11:18 | e |
|
||||
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
|
||||
| exception-xss.js:15:9:15:11 | foo |
|
||||
| exception-xss.js:16:11:16:11 | e |
|
||||
| exception-xss.js:17:18:17:18 | e |
|
||||
| exception-xss.js:17:18:17:18 | e |
|
||||
| exception-xss.js:21:11:21:13 | foo |
|
||||
| exception-xss.js:21:11:21:21 | foo + "bar" |
|
||||
| exception-xss.js:22:11:22:11 | e |
|
||||
| exception-xss.js:23:18:23:18 | e |
|
||||
| exception-xss.js:23:18:23:18 | e |
|
||||
| exception-xss.js:33:11:33:22 | ["bar", foo] |
|
||||
| exception-xss.js:33:19:33:21 | foo |
|
||||
| exception-xss.js:34:11:34:11 | e |
|
||||
| exception-xss.js:35:18:35:18 | e |
|
||||
| exception-xss.js:35:18:35:18 | e |
|
||||
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
|
||||
| exception-xss.js:46:8:46:18 | "bar" + foo |
|
||||
| exception-xss.js:46:16:46:18 | foo |
|
||||
| exception-xss.js:47:11:47:11 | e |
|
||||
| exception-xss.js:48:18:48:18 | e |
|
||||
| exception-xss.js:48:18:48:18 | e |
|
||||
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
|
||||
| exception-xss.js:81:16:81:18 | foo |
|
||||
| exception-xss.js:82:11:82:11 | e |
|
||||
| exception-xss.js:83:18:83:18 | e |
|
||||
| exception-xss.js:83:18:83:18 | e |
|
||||
| exception-xss.js:89:11:89:13 | foo |
|
||||
| exception-xss.js:89:11:89:26 | foo.match(/foo/) |
|
||||
| exception-xss.js:90:11:90:11 | e |
|
||||
| exception-xss.js:91:18:91:18 | e |
|
||||
| exception-xss.js:91:18:91:18 | e |
|
||||
| exception-xss.js:95:11:95:22 | [foo, "bar"] |
|
||||
| exception-xss.js:95:12:95:14 | foo |
|
||||
| exception-xss.js:96:11:96:11 | e |
|
||||
| exception-xss.js:97:18:97:18 | e |
|
||||
| exception-xss.js:97:18:97:18 | e |
|
||||
| exception-xss.js:102:12:102:14 | foo |
|
||||
| exception-xss.js:106:11:106:11 | e |
|
||||
| exception-xss.js:107:18:107:18 | e |
|
||||
| exception-xss.js:107:18:107:18 | e |
|
||||
| exception-xss.js:117:11:117:23 | req.params.id |
|
||||
| exception-xss.js:117:11:117:23 | req.params.id |
|
||||
| exception-xss.js:118:11:118:11 | e |
|
||||
| exception-xss.js:119:12:119:28 | "Exception: " + e |
|
||||
| exception-xss.js:119:12:119:28 | "Exception: " + e |
|
||||
| exception-xss.js:119:28:119:28 | e |
|
||||
| exception-xss.js:125:45:125:68 | documen ... .search |
|
||||
| exception-xss.js:125:45:125:68 | documen ... .search |
|
||||
| exception-xss.js:128:11:128:52 | session ... ssion') |
|
||||
| exception-xss.js:129:11:129:11 | e |
|
||||
| exception-xss.js:130:18:130:18 | e |
|
||||
| exception-xss.js:130:18:130:18 | e |
|
||||
| exception-xss.js:136:10:136:22 | req.params.id |
|
||||
| exception-xss.js:136:10:136:22 | req.params.id |
|
||||
| exception-xss.js:136:26:136:30 | error |
|
||||
| exception-xss.js:138:19:138:23 | error |
|
||||
| exception-xss.js:138:19:138:23 | error |
|
||||
| exception-xss.js:146:6:146:35 | foo |
|
||||
| exception-xss.js:146:12:146:35 | documen ... .search |
|
||||
| exception-xss.js:146:12:146:35 | documen ... .search |
|
||||
| exception-xss.js:148:33:148:35 | foo |
|
||||
| exception-xss.js:148:55:148:55 | e |
|
||||
| exception-xss.js:149:18:149:18 | e |
|
||||
| exception-xss.js:149:18:149:18 | e |
|
||||
| exception-xss.js:153:8:153:10 | foo |
|
||||
| exception-xss.js:154:11:154:11 | e |
|
||||
| exception-xss.js:155:18:155:18 | e |
|
||||
| exception-xss.js:155:18:155:18 | e |
|
||||
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
|
||||
| exception-xss.js:174:31:174:33 | foo |
|
||||
| exception-xss.js:174:53:174:53 | e |
|
||||
| exception-xss.js:175:18:175:18 | e |
|
||||
| exception-xss.js:175:18:175:18 | e |
|
||||
| exception-xss.js:180:10:180:22 | req.params.id |
|
||||
| exception-xss.js:180:10:180:22 | req.params.id |
|
||||
| exception-xss.js:180:26:180:30 | error |
|
||||
| exception-xss.js:182:19:182:23 | error |
|
||||
| exception-xss.js:182:19:182:23 | error |
|
||||
| ajv.js:11:18:11:33 | ajv.errorsText() | semmle.label | ajv.errorsText() |
|
||||
| ajv.js:24:18:24:26 | val.error | semmle.label | val.error |
|
||||
| exception-xss.js:2:6:2:28 | foo | semmle.label | foo |
|
||||
| exception-xss.js:2:12:2:28 | document.location | semmle.label | document.location |
|
||||
| exception-xss.js:4:17:4:17 | x | semmle.label | x |
|
||||
| exception-xss.js:5:11:5:11 | x | semmle.label | x |
|
||||
| exception-xss.js:9:11:9:13 | foo | semmle.label | foo |
|
||||
| exception-xss.js:10:11:10:11 | e | semmle.label | e |
|
||||
| exception-xss.js:11:18:11:18 | e | semmle.label | e |
|
||||
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | semmle.label | exceptional return of inner(foo) |
|
||||
| exception-xss.js:15:9:15:11 | foo | semmle.label | foo |
|
||||
| exception-xss.js:16:11:16:11 | e | semmle.label | e |
|
||||
| exception-xss.js:17:18:17:18 | e | semmle.label | e |
|
||||
| exception-xss.js:21:11:21:13 | foo | semmle.label | foo |
|
||||
| exception-xss.js:21:11:21:21 | foo + "bar" | semmle.label | foo + "bar" |
|
||||
| exception-xss.js:22:11:22:11 | e | semmle.label | e |
|
||||
| exception-xss.js:23:18:23:18 | e | semmle.label | e |
|
||||
| exception-xss.js:33:11:33:22 | ["bar", foo] | semmle.label | ["bar", foo] |
|
||||
| exception-xss.js:33:19:33:21 | foo | semmle.label | foo |
|
||||
| exception-xss.js:34:11:34:11 | e | semmle.label | e |
|
||||
| exception-xss.js:35:18:35:18 | e | semmle.label | e |
|
||||
| exception-xss.js:38:16:38:16 | x | semmle.label | x |
|
||||
| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | semmle.label | exceptional return of deep2(x) |
|
||||
| exception-xss.js:39:9:39:9 | x | semmle.label | x |
|
||||
| exception-xss.js:41:17:41:17 | x | semmle.label | x |
|
||||
| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) |
|
||||
| exception-xss.js:42:9:42:9 | x | semmle.label | x |
|
||||
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | semmle.label | exceptional return of deep("bar" + foo) |
|
||||
| exception-xss.js:46:8:46:18 | "bar" + foo | semmle.label | "bar" + foo |
|
||||
| exception-xss.js:46:16:46:18 | foo | semmle.label | foo |
|
||||
| exception-xss.js:47:11:47:11 | e | semmle.label | e |
|
||||
| exception-xss.js:48:18:48:18 | e | semmle.label | e |
|
||||
| exception-xss.js:74:28:74:28 | x | semmle.label | x |
|
||||
| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) |
|
||||
| exception-xss.js:75:10:75:10 | x | semmle.label | x |
|
||||
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | semmle.label | exceptional return of myWeirdInner(foo) |
|
||||
| exception-xss.js:81:16:81:18 | foo | semmle.label | foo |
|
||||
| exception-xss.js:82:11:82:11 | e | semmle.label | e |
|
||||
| exception-xss.js:83:18:83:18 | e | semmle.label | e |
|
||||
| exception-xss.js:89:11:89:13 | foo | semmle.label | foo |
|
||||
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | semmle.label | foo.match(/foo/) |
|
||||
| exception-xss.js:90:11:90:11 | e | semmle.label | e |
|
||||
| exception-xss.js:91:18:91:18 | e | semmle.label | e |
|
||||
| exception-xss.js:95:11:95:22 | [foo, "bar"] | semmle.label | [foo, "bar"] |
|
||||
| exception-xss.js:95:12:95:14 | foo | semmle.label | foo |
|
||||
| exception-xss.js:96:11:96:11 | e | semmle.label | e |
|
||||
| exception-xss.js:97:18:97:18 | e | semmle.label | e |
|
||||
| exception-xss.js:102:12:102:14 | foo | semmle.label | foo |
|
||||
| exception-xss.js:106:11:106:11 | e | semmle.label | e |
|
||||
| exception-xss.js:107:18:107:18 | e | semmle.label | e |
|
||||
| exception-xss.js:117:11:117:23 | req.params.id | semmle.label | req.params.id |
|
||||
| exception-xss.js:118:11:118:11 | e | semmle.label | e |
|
||||
| exception-xss.js:119:12:119:28 | "Exception: " + e | semmle.label | "Exception: " + e |
|
||||
| exception-xss.js:119:28:119:28 | e | semmle.label | e |
|
||||
| exception-xss.js:125:45:125:68 | documen ... .search | semmle.label | documen ... .search |
|
||||
| exception-xss.js:128:11:128:52 | session ... ssion') | semmle.label | session ... ssion') |
|
||||
| exception-xss.js:129:11:129:11 | e | semmle.label | e |
|
||||
| exception-xss.js:130:18:130:18 | e | semmle.label | e |
|
||||
| exception-xss.js:136:10:136:22 | req.params.id | semmle.label | req.params.id |
|
||||
| exception-xss.js:136:26:136:30 | error | semmle.label | error |
|
||||
| exception-xss.js:138:19:138:23 | error | semmle.label | error |
|
||||
| exception-xss.js:146:6:146:35 | foo | semmle.label | foo |
|
||||
| exception-xss.js:146:12:146:35 | documen ... .search | semmle.label | documen ... .search |
|
||||
| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] |
|
||||
| exception-xss.js:148:33:148:35 | foo | semmle.label | foo |
|
||||
| exception-xss.js:148:55:148:55 | e | semmle.label | e |
|
||||
| exception-xss.js:149:18:149:18 | e | semmle.label | e |
|
||||
| exception-xss.js:153:8:153:10 | foo | semmle.label | foo |
|
||||
| exception-xss.js:154:11:154:11 | e | semmle.label | e |
|
||||
| exception-xss.js:155:18:155:18 | e | semmle.label | e |
|
||||
| exception-xss.js:170:17:170:23 | tainted | semmle.label | tainted |
|
||||
| exception-xss.js:171:11:171:17 | tainted | semmle.label | tainted |
|
||||
| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] |
|
||||
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | semmle.label | exceptional return of inner(foo, resolve) |
|
||||
| exception-xss.js:174:31:174:33 | foo | semmle.label | foo |
|
||||
| exception-xss.js:174:53:174:53 | e | semmle.label | e |
|
||||
| exception-xss.js:175:18:175:18 | e | semmle.label | e |
|
||||
| exception-xss.js:180:10:180:22 | req.params.id | semmle.label | req.params.id |
|
||||
| exception-xss.js:180:26:180:30 | error | semmle.label | error |
|
||||
| exception-xss.js:182:19:182:23 | error | semmle.label | error |
|
||||
edges
|
||||
| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() |
|
||||
| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error |
|
||||
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo |
|
||||
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo |
|
||||
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo |
|
||||
@@ -103,75 +90,78 @@ edges
|
||||
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo |
|
||||
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo |
|
||||
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo |
|
||||
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo |
|
||||
| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x |
|
||||
| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e |
|
||||
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e |
|
||||
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e |
|
||||
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e |
|
||||
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x |
|
||||
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
|
||||
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e |
|
||||
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e |
|
||||
| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" |
|
||||
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e |
|
||||
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e |
|
||||
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e |
|
||||
| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e |
|
||||
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] |
|
||||
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e |
|
||||
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e |
|
||||
| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x |
|
||||
| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |
|
||||
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x |
|
||||
| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x |
|
||||
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x |
|
||||
| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
|
||||
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e |
|
||||
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x |
|
||||
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
|
||||
| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo |
|
||||
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e |
|
||||
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e |
|
||||
| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x |
|
||||
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x |
|
||||
| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
|
||||
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e |
|
||||
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x |
|
||||
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
|
||||
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e |
|
||||
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e |
|
||||
| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) |
|
||||
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e |
|
||||
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e |
|
||||
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e |
|
||||
| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e |
|
||||
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] |
|
||||
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e |
|
||||
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e |
|
||||
| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e |
|
||||
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e |
|
||||
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e |
|
||||
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e |
|
||||
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e |
|
||||
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e |
|
||||
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
|
||||
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
|
||||
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
|
||||
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
|
||||
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e |
|
||||
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e |
|
||||
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e |
|
||||
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error |
|
||||
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error |
|
||||
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
|
||||
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
|
||||
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo |
|
||||
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo |
|
||||
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo |
|
||||
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
|
||||
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
|
||||
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e |
|
||||
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
|
||||
| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e |
|
||||
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] |
|
||||
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
|
||||
| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e |
|
||||
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
|
||||
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
|
||||
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:53:174:53 | e |
|
||||
| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted |
|
||||
| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e |
|
||||
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] |
|
||||
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted |
|
||||
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
|
||||
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
|
||||
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
|
||||
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
|
||||
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
|
||||
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error |
|
||||
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error |
|
||||
subpaths
|
||||
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
|
||||
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |
|
||||
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
|
||||
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
|
||||
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
|
||||
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
|
||||
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
|
||||
#select
|
||||
| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:11:18:11:33 | ajv.errorsText() | JSON schema validation error |
|
||||
| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:24:18:24:26 | val.error | JSON schema validation error |
|
||||
|
||||