Merge remote-tracking branch 'upstream/master' into moarExceptions

java/ql/test/queries.xml

@@ -0,0 +1 @@
+<queries language="java"/>

javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java

@@ -777,7 +777,10 @@ public class AutoBuild {
   }
 
   private void extractTypeTable(Path fileHandle, TypeTable table) {
-    TrapWriter trapWriter = outputConfig.getTrapWriterFactory().mkTrapWriter(fileHandle.toFile());
+    TrapWriter trapWriter =
+        outputConfig
+            .getTrapWriterFactory()
+            .mkTrapWriter(new File(fileHandle.toString() + ".codeql-typescript-typetable"));
     try {
       new TypeExtractor(trapWriter, table).extract();
     } finally {

javascript/extractor/src/com/semmle/js/extractor/Main.java

@@ -195,7 +195,13 @@ public class Main {
   }
 
   private void extractTypeTable(File fileHandle, TypeTable table) {
-    TrapWriter trapWriter = extractorOutputConfig.getTrapWriterFactory().mkTrapWriter(fileHandle);
+    TrapWriter trapWriter =
+        extractorOutputConfig
+            .getTrapWriterFactory()
+            .mkTrapWriter(
+                new File(
+                    fileHandle.getParentFile(),
+                    fileHandle.getName() + ".codeql-typescript-typetable"));
     try {
       new TypeExtractor(trapWriter, table).extract();
     } finally {

javascript/ql/src/semmle/javascript/Expr.qll

@@ -454,16 +454,16 @@ class RegExpLiteral extends @regexpliteral, Literal, RegExpParent {
   string getFlags() { result = getValue().regexpCapture(".*/(\\w*)$", 1) }
 
   /** Holds if this regular expression has an `m` flag. */
-  predicate isMultiline() { getFlags().matches("%m%") }
+  predicate isMultiline() { RegExp::isMultiline(getFlags()) }
 
   /** Holds if this regular expression has a `g` flag. */
-  predicate isGlobal() { getFlags().matches("%g%") }
+  predicate isGlobal() { RegExp::isGlobal(getFlags()) }
 
   /** Holds if this regular expression has an `i` flag. */
-  predicate isIgnoreCase() { getFlags().matches("%i%") }
+  predicate isIgnoreCase() { RegExp::isIgnoreCase(getFlags()) }
 
   /** Holds if this regular expression has an `s` flag. */
-  predicate isDotAll() { getFlags().matches("%s%") }
+  predicate isDotAll() { RegExp::isDotAll(getFlags()) }
 }
 
 /**

javascript/ql/src/semmle/javascript/Regexp.qll

@@ -113,9 +113,7 @@ class RegExpTerm extends Locatable, @regexpterm {
   /**
    * Holds if this is the root term of a regular expression.
    */
-  predicate isRootTerm() {
-    not getParent() instanceof RegExpTerm
-  }
+  predicate isRootTerm() { not getParent() instanceof RegExpTerm }
 
   /**
    * Gets the outermost term of this regular expression.
@@ -130,9 +128,7 @@ class RegExpTerm extends Locatable, @regexpterm {
   /**
    * Holds if this term occurs as part of a regular expression literal.
    */
-  predicate isPartOfRegExpLiteral() {
-    exists(getLiteral())
-  }
+  predicate isPartOfRegExpLiteral() { exists(getLiteral()) }
 
   /**
    * Holds if this term occurs as part of a string literal.
@@ -140,9 +136,7 @@ class RegExpTerm extends Locatable, @regexpterm {
    * This predicate holds regardless of whether the string literal is actually
    * used as a regular expression. See `isUsedAsRegExp`.
    */
-  predicate isPartOfStringLiteral() {
-    getRootTerm().getParent() instanceof StringLiteral
-  }
+  predicate isPartOfStringLiteral() { getRootTerm().getParent() instanceof StringLiteral }
 
   /**
    * Holds if this term is part of a regular expression literal, or a string literal
@@ -344,8 +338,7 @@ class RegExpAnchor extends RegExpTerm, @regexp_anchor {
  * ^
  * ```
  */
-class RegExpCaret extends RegExpAnchor, @regexp_caret {
-}
+class RegExpCaret extends RegExpAnchor, @regexp_caret { }
 
 /**
  * A dollar assertion `$` matching the end of a line.
@@ -356,8 +349,7 @@ class RegExpCaret extends RegExpAnchor, @regexp_caret {
  * $
  * ```
  */
-class RegExpDollar extends RegExpAnchor, @regexp_dollar {
-}
+class RegExpDollar extends RegExpAnchor, @regexp_dollar { }
 
 /**
  * A word boundary assertion.
@@ -940,3 +932,131 @@ private class StringRegExpPatternSource extends RegExpPatternSource {
 
   override RegExpTerm getRegExpTerm() { result = asExpr().(StringLiteral).asRegExp() }
 }
+
+module RegExp {
+  /** Gets the string `"?"` used to represent a regular expression whose flags are unknown. */
+  string unknownFlag() { result = "?" }
+
+  /** Holds if `flags` includes the `m` flag. */
+  bindingset[flags]
+  predicate isMultiline(string flags) { flags.matches("%m%") }
+
+  /** Holds if `flags` includes the `g` flag. */
+  bindingset[flags]
+  predicate isGlobal(string flags) { flags.matches("%g%") }
+
+  /** Holds if `flags` includes the `i` flag. */
+  bindingset[flags]
+  predicate isIgnoreCase(string flags) { flags.matches("%i%") }
+
+  /** Holds if `flags` includes the `s` flag. */
+  bindingset[flags]
+  predicate isDotAll(string flags) { flags.matches("%s%") }
+
+  /** Holds if `flags` includes the `m` flag or is the unknown flag `?`. */
+  bindingset[flags]
+  predicate maybeMultiline(string flags) { flags = unknownFlag() or isMultiline(flags) }
+
+  /** Holds if `flags` includes the `g` flag or is the unknown flag `?`. */
+  bindingset[flags]
+  predicate maybeGlobal(string flags) { flags = unknownFlag() or isGlobal(flags) }
+
+  /** Holds if `flags` includes the `i` flag or is the unknown flag `?`. */
+  bindingset[flags]
+  predicate maybeIgnoreCase(string flags) { flags = unknownFlag() or isIgnoreCase(flags) }
+
+  /** Holds if `flags` includes the `s` flag or is the unknown flag `?`. */
+  bindingset[flags]
+  predicate maybeDotAll(string flags) { flags = unknownFlag() or isDotAll(flags) }
+
+  /** Holds if `term` and all of its disjuncts are anchored on both ends. */
+  predicate isFullyAnchoredTerm(RegExpTerm term) {
+    exists(RegExpSequence seq | term = seq |
+      seq.getChild(0) instanceof RegExpCaret and
+      seq.getLastChild() instanceof RegExpDollar
+    )
+    or
+    isFullyAnchoredTerm(term.(RegExpGroup).getAChild())
+    or
+    isFullyAnchoredAlt(term, term.getNumChild())
+  }
+
+  /** Holds if the first `i` disjuncts of `term` are fully anchored. */
+  private predicate isFullyAnchoredAlt(RegExpAlt term, int i) {
+    isFullyAnchoredTerm(term.getChild(0)) and i = 1
+    or
+    isFullyAnchoredAlt(term, i - 1) and
+    isFullyAnchoredTerm(term.getChild(i - 1))
+  }
+
+  /**
+   * Holds if `term` matches any character except for explicitly listed exceptions.
+   *
+   * For example, holds for `.`, `[^<>]`, or `\W`, but not for `[a-z]`, `\w`, or `[^\W\S]`.
+   */
+  predicate isWildcardLike(RegExpTerm term) {
+    term instanceof RegExpDot
+    or
+    term.(RegExpCharacterClassEscape).getValue().isUppercase()
+    or
+    // [^a-z]
+    exists(RegExpCharacterClass cls | term = cls |
+      cls.isInverted() and
+      not cls.getAChild().(RegExpCharacterClassEscape).getValue().isUppercase()
+    )
+    or
+    // [\W]
+    exists(RegExpCharacterClass cls | term = cls |
+      not cls.isInverted() and
+      cls.getAChild().(RegExpCharacterClassEscape).getValue().isUppercase()
+    )
+  }
+
+  /**
+   * Holds if `term` is a generic sanitizer for strings that match (if `outcome` is true)
+   * or strings that don't match (if `outcome` is false).
+   *
+   * Specifically, whitelisting regexps such as `^(foo|bar)$` sanitize matches in the true case.
+   * Inverted character classes such as `[^a-z]` or `\W` sanitize matches in the false case.
+   */
+  predicate isGenericRegExpSanitizer(RegExpTerm term, boolean outcome) {
+    term.isRootTerm() and
+    (
+      outcome = true and
+      isFullyAnchoredTerm(term) and
+      not isWildcardLike(term.getAChild*())
+      or
+      // Character set restrictions like `/[^a-z]/.test(x)` sanitize in the false case
+      outcome = false and
+      exists(RegExpTerm root |
+        root = term
+        or
+        root = term.(RegExpGroup).getAChild()
+      |
+        isWildcardLike(root)
+        or
+        isWildcardLike(root.(RegExpAlt).getAChild())
+      )
+    )
+  }
+
+  /**
+   * Gets the AST of a regular expression object that can flow to `node`.
+   */
+  RegExpTerm getRegExpObjectFromNode(DataFlow::Node node) {
+    exists(DataFlow::RegExpCreationNode regexp |
+      regexp.getAReference().flowsTo(node) and
+      result = regexp.getRoot()
+    )
+  }
+
+  /**
+   * Gets the AST of a regular expression that can flow to `node`,
+   * including `RegExp` objects as well as strings interpreted as regular expressions.
+   */
+  RegExpTerm getRegExpFromNode(DataFlow::Node node) {
+    result = getRegExpObjectFromNode(node)
+    or
+    result = node.asExpr().(StringLiteral).asRegExp()
+  }
+}

javascript/ql/src/semmle/javascript/dataflow/Nodes.qll

@@ -546,6 +546,11 @@ class RegExpLiteralNode extends DataFlow::ValueNode, DataFlow::SourceNode {
 
   /** Gets the root term of this regular expression. */
   RegExpTerm getRoot() { result = astNode.getRoot() }
+
+  /** Gets the flags of this regular expression literal. */
+  string getFlags() {
+    result = astNode.getFlags()
+  }
 }
 
 /**
@@ -1315,3 +1320,110 @@ module PartialInvokeNode {
  * This contributes additional argument-passing flow edges that should be added to all data flow configurations.
  */
 deprecated class AdditionalPartialInvokeNode = PartialInvokeNode::Range;
+
+/**
+ * An invocation of the `RegExp` constructor.
+ *
+ * Example:
+ * ```js
+ * new RegExp("#[a-z]+", "g");
+ * RegExp("^\w*$");
+ * ```
+ */
+class RegExpConstructorInvokeNode extends DataFlow::InvokeNode {
+  RegExpConstructorInvokeNode() {
+    this = DataFlow::globalVarRef("RegExp").getAnInvocation()
+  }
+
+  /**
+   * Gets the AST of the regular expression created here, provided that the
+   * first argument is a string literal.
+   */
+  RegExpTerm getRoot() {
+    result = getArgument(0).asExpr().(StringLiteral).asRegExp()
+  }
+
+  /**
+   * Gets the flags provided in the second argument, or an empty string if no
+   * flags are provided.
+   *
+   * Has no result if the flags are provided but are not constant.
+   */
+  string getFlags() {
+    result = getArgument(1).getStringValue()
+    or
+    not exists(getArgument(1)) and
+    result = ""
+  }
+
+  /**
+   * Gets the flags provided in the second argument, or an empty string if no
+   * flags are provided, or the string `"?"` if the provided flags are not known.
+   */
+  string tryGetFlags() {
+    result = getFlags()
+    or
+    not exists(getFlags()) and
+    result = RegExp::unknownFlag()
+  }
+}
+
+/**
+ * A data flow node corresponding to a regular expression literal or
+ * an invocation of the `RegExp` constructor.
+ *
+ * Examples:
+ * ```js
+ * new RegExp("#[a-z]+", "g");
+ * RegExp("^\w*$");
+ * /[a-z]+/i
+ * ```
+ */
+class RegExpCreationNode extends DataFlow::SourceNode {
+  RegExpCreationNode() {
+    this instanceof RegExpConstructorInvokeNode or
+    this instanceof RegExpLiteralNode
+  }
+
+  /**
+   * Gets the root term of the created regular expression, if it is known.
+   *
+   * Has no result for calls to `RegExp` with a non-constant argument.
+   */
+  RegExpTerm getRoot() {
+    result = this.(RegExpConstructorInvokeNode).getRoot() or
+    result = this.(RegExpLiteralNode).getRoot()
+  }
+
+  /**
+   * Gets the provided regular expression flags, if they are known.
+   */
+  string getFlags() {
+    result = this.(RegExpConstructorInvokeNode).getFlags() or
+    result = this.(RegExpLiteralNode).getFlags()
+  }
+
+  /**
+   * Gets the flags provided in the second argument, or an empty string if no
+   * flags are provided, or the string `"?"` if the provided flags are not known.
+   */
+  string tryGetFlags() {
+    result = this.(RegExpConstructorInvokeNode).tryGetFlags() or
+    result = this.(RegExpLiteralNode).getFlags()
+  }
+
+  /** Gets a data flow node referring to this regular expression. */
+  private DataFlow::SourceNode getAReference(DataFlow::TypeTracker t) {
+    t.start() and
+    result = this
+    or
+    exists(DataFlow::TypeTracker t2 |
+      result = getAReference(t2).track(t2, t)
+    )
+  }
+
+  /** Gets a data flow node referring to this regular expression. */
+  DataFlow::SourceNode getAReference() {
+    result = getAReference(DataFlow::TypeTracker::end())
+  }
+}

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

@@ -696,33 +696,37 @@ module TaintTracking {
    */
   class SanitizingRegExpTest extends AdditionalSanitizerGuardNode, DataFlow::ValueNode {
     Expr expr;
+    boolean sanitizedOutcome;
 
     SanitizingRegExpTest() {
       exists(MethodCallExpr mce, Expr base, string m, Expr firstArg |
         mce = astNode and mce.calls(base, m) and firstArg = mce.getArgument(0)
       |
         // /re/.test(u) or /re/.exec(u)
-        base.analyze().getAType() = TTRegExp() and
+        RegExp::isGenericRegExpSanitizer(RegExp::getRegExpObjectFromNode(base.flow()), sanitizedOutcome) and
         (m = "test" or m = "exec") and
         firstArg = expr
         or
         // u.match(/re/) or u.match("re")
         base = expr and
         m = "match" and
-        exists(InferredType firstArgType | firstArgType = firstArg.analyze().getAType() |
-          firstArgType = TTRegExp() or firstArgType = TTString()
-        )
+        RegExp::isGenericRegExpSanitizer(RegExp::getRegExpFromNode(firstArg.flow()), sanitizedOutcome)
       )
       or
       // m = /re/.exec(u) and similar
-      DataFlow::valueNode(astNode.(AssignExpr).getRhs()).(SanitizingRegExpTest).getSanitizedExpr() =
-        expr
+      exists(SanitizingRegExpTest other |
+        other = DataFlow::valueNode(astNode.(AssignExpr).getRhs()) and
+        expr = other.getSanitizedExpr() and
+        sanitizedOutcome = other.getSanitizedOutcome()
+      )
     }
 
     private Expr getSanitizedExpr() { result = expr }
 
+    private boolean getSanitizedOutcome() { result = sanitizedOutcome }
+
     override predicate sanitizes(boolean outcome, Expr e) {
-      (outcome = true or outcome = false) and
+      outcome = sanitizedOutcome and
       e = expr
     }
 

javascript/ql/test/library-tests/Files/relativePaths.expected

@@ -1,2 +1,2 @@
-| a.js:0:0:0:0 | a.js | a.js |
-| b/c.js:0:0:0:0 | b/c.js | b/c.js |
+| a.js:0:0:0:0 | a.js | library-tests/Files/a.js |
+| b/c.js:0:0:0:0 | b/c.js | library-tests/Files/b/c.js |

javascript/ql/test/library-tests/Modules/tests.expected

@@ -61,14 +61,14 @@ test_ExportDeclarations
 | m/c.js:5:1:5:30 | export  ... '../b'; |
 | tst.html:7:3:7:22 | export const y = 42; |
 test_getAnImportedModule
-| b.js | a.js |
-| d.js | a.js |
-| d.js | b.js |
-| es2015_require.js | d.js |
-| f.ts | e.js |
-| g.ts | f.ts |
-| import-ts-with-js-extension.ts | f.ts |
-| m/c.js | b.js |
+| library-tests/Modules/b.js | library-tests/Modules/a.js |
+| library-tests/Modules/d.js | library-tests/Modules/a.js |
+| library-tests/Modules/d.js | library-tests/Modules/b.js |
+| library-tests/Modules/es2015_require.js | library-tests/Modules/d.js |
+| library-tests/Modules/f.ts | library-tests/Modules/e.js |
+| library-tests/Modules/g.ts | library-tests/Modules/f.ts |
+| library-tests/Modules/import-ts-with-js-extension.ts | library-tests/Modules/f.ts |
+| library-tests/Modules/m/c.js | library-tests/Modules/b.js |
 test_getSourceNode
 | a.js:1:1:3:1 | export  ... n 23;\\n} | default | a.js:1:16:3:1 | functio ... n 23;\\n} |
 | a.js:5:1:5:32 | export  ...  } = o; | x | a.js:5:18:5:20 | f() |

javascript/ql/test/library-tests/NodeJS/RequireImport.expected

@@ -2,12 +2,12 @@
 | a.js:3:6:3:23 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
 | a.js:4:6:4:29 | require ... /d.js') | ./sub/../d.js | d.js:1:1:7:15 | <toplevel> |
 | a.js:7:1:7:18 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
-| a.js:10:1:10:18 | require(__dirname) |  | index.js:1:1:3:0 | <toplevel> |
-| a.js:11:1:11:25 | require ... + '/e') | /e | e.js:1:1:6:0 | <toplevel> |
+| a.js:10:1:10:18 | require(__dirname) | /library-tests/NodeJS | index.js:1:1:3:0 | <toplevel> |
+| a.js:11:1:11:25 | require ... + '/e') | /library-tests/NodeJS/e | e.js:1:1:6:0 | <toplevel> |
 | a.js:12:1:12:28 | require ...  + 'c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
 | b.js:1:1:1:18 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
 | d.js:7:1:7:14 | require('foo') | foo | sub/f.js:1:1:4:17 | <toplevel> |
-| index.js:2:1:2:41 | require ... b.js")) | /index.js/../b.js | b.js:1:1:8:0 | <toplevel> |
+| index.js:2:1:2:41 | require ... b.js")) | /library-tests/NodeJS/index.js/../b.js | b.js:1:1:8:0 | <toplevel> |
 | mjs-files/require-from-js.js:1:12:1:36 | require ... on-me') | ./depend-on-me | mjs-files/depend-on-me.mjs:1:1:7:1 | <toplevel> |
 | mjs-files/require-from-js.js:2:12:2:39 | require ... me.js') | ./depend-on-me.js | mjs-files/depend-on-me.js:1:1:8:0 | <toplevel> |
 | mjs-files/require-from-js.js:3:12:3:40 | require ... e.mjs') | ./depend-on-me.mjs | mjs-files/depend-on-me.mjs:1:1:7:1 | <toplevel> |

javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected

@@ -1,7 +1,5 @@
-| tst.js:5:9:5:19 | /x/.test(v) | ExampleConfiguration | false | tst.js:5:18:5:18 | v |
-| tst.js:5:9:5:19 | /x/.test(v) | ExampleConfiguration | true | tst.js:5:18:5:18 | v |
-| tst.js:11:9:11:20 | v.match(/x/) | ExampleConfiguration | false | tst.js:11:9:11:9 | v |
-| tst.js:11:9:11:20 | v.match(/x/) | ExampleConfiguration | true | tst.js:11:9:11:9 | v |
+| tst.js:5:9:5:21 | /^x$/.test(v) | ExampleConfiguration | true | tst.js:5:20:5:20 | v |
+| tst.js:11:9:11:25 | v.match(/[^a-z]/) | ExampleConfiguration | false | tst.js:11:9:11:9 | v |
 | tst.js:23:9:23:27 | o.hasOwnProperty(v) | ExampleConfiguration | true | tst.js:23:26:23:26 | v |
 | tst.js:35:9:35:14 | v in o | ExampleConfiguration | true | tst.js:35:9:35:9 | v |
 | tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | false | tst.js:47:11:47:11 | v |

javascript/ql/test/library-tests/TaintBarriers/TaintedSink.expected

@@ -1,4 +1,6 @@
 | tst.js:3:10:3:10 | v | tst.js:2:13:2:20 | SOURCE() |
+| tst.js:8:14:8:14 | v | tst.js:2:13:2:20 | SOURCE() |
+| tst.js:12:14:12:14 | v | tst.js:2:13:2:20 | SOURCE() |
 | tst.js:21:10:21:10 | v | tst.js:20:13:20:20 | SOURCE() |
 | tst.js:26:14:26:14 | v | tst.js:20:13:20:20 | SOURCE() |
 | tst.js:33:10:33:10 | v | tst.js:32:13:32:20 | SOURCE() |

javascript/ql/test/library-tests/TaintBarriers/isBarrier.expected

@@ -1,6 +1,4 @@
 | tst.js:6:14:6:14 | v | ExampleConfiguration |
-| tst.js:8:14:8:14 | v | ExampleConfiguration |
-| tst.js:12:14:12:14 | v | ExampleConfiguration |
 | tst.js:14:14:14:14 | v | ExampleConfiguration |
 | tst.js:24:14:24:14 | v | ExampleConfiguration |
 | tst.js:36:14:36:14 | v | ExampleConfiguration |

javascript/ql/test/library-tests/TaintBarriers/tst.js

@@ -2,16 +2,16 @@ function SanitizingRegExpTest () {
     var v = SOURCE();
     SINK(v);
 
-    if (/x/.test(v)) {
-        SINK(v);
+    if (/^x$/.test(v)) {
+        SINK(v); // sanitized
     } else {
         SINK(v);
     }
 
-    if (v.match(/x/)) {
+    if (v.match(/[^a-z]/)) {
         SINK(v);
     } else {
-        SINK(v);
+        SINK(v); // sanitized
     }
 
 }

javascript/ql/test/library-tests/TypeScript/ExpansiveTypes/ExpansiveTypes.expected

@@ -1,23 +1,23 @@
-| Box in shared_non_expansive.ts | has no properties |
-| Box in through_non_expansive.ts | has no properties |
-| C in expansive_class.ts | has no properties |
-| Expand in through_non_expansive.ts | has no properties |
-| ExpandUsingObjectLiteral in expansive_object_literal.ts | has no properties |
-| Expansive in leading_into_expansion.ts | has no properties |
-| Expansive in simple.ts | has no properties |
-| ExpansiveA in mutual.ts | has no properties |
-| ExpansiveA in mutual_multigraph.ts | has no properties |
-| ExpansiveB in mutual.ts | has no properties |
-| ExpansiveB in mutual_multigraph.ts | has no properties |
-| ExpansiveByInference in expansive_by_inference.ts | has no properties |
-| ExpansiveC in mutual.ts | has no properties |
-| ExpansiveC in mutual_multigraph.ts | has no properties |
-| ExpansiveConstructSignature in expansive_signature.ts | has no properties |
-| ExpansiveD in mutual.ts | has no properties |
-| ExpansiveD in mutual_multigraph.ts | has no properties |
-| ExpansiveFunctionType in expansive_signature.ts | has no properties |
-| ExpansiveMethod in expansive_signature.ts | has no properties |
-| ExpansiveParameter in expansive_signature.ts | has no properties |
-| ExpansiveSignature in expansive_signature.ts | has no properties |
-| ExpansiveSignatureTypeBound in expansive_signature.ts | has no properties |
-| ExpansiveX in used_from_expansion.ts | has no properties |
+| Box in library-tests/TypeScript/ExpansiveTypes/shared_non_expansive.ts | has no properties |
+| Box in library-tests/TypeScript/ExpansiveTypes/through_non_expansive.ts | has no properties |
+| C in library-tests/TypeScript/ExpansiveTypes/expansive_class.ts | has no properties |
+| Expand in library-tests/TypeScript/ExpansiveTypes/through_non_expansive.ts | has no properties |
+| ExpandUsingObjectLiteral in library-tests/TypeScript/ExpansiveTypes/expansive_object_literal.ts | has no properties |
+| Expansive in library-tests/TypeScript/ExpansiveTypes/leading_into_expansion.ts | has no properties |
+| Expansive in library-tests/TypeScript/ExpansiveTypes/simple.ts | has no properties |
+| ExpansiveA in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has no properties |
+| ExpansiveA in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has no properties |
+| ExpansiveB in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has no properties |
+| ExpansiveB in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has no properties |
+| ExpansiveByInference in library-tests/TypeScript/ExpansiveTypes/expansive_by_inference.ts | has no properties |
+| ExpansiveC in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has no properties |
+| ExpansiveC in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has no properties |
+| ExpansiveConstructSignature in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has no properties |
+| ExpansiveD in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has no properties |
+| ExpansiveD in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has no properties |
+| ExpansiveFunctionType in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has no properties |
+| ExpansiveMethod in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has no properties |
+| ExpansiveParameter in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has no properties |
+| ExpansiveSignature in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has no properties |
+| ExpansiveSignatureTypeBound in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has no properties |
+| ExpansiveX in library-tests/TypeScript/ExpansiveTypes/used_from_expansion.ts | has no properties |

javascript/ql/test/library-tests/TypeScript/ExpansiveTypes/NonExpansiveTypes.expected

@@ -1,31 +1,31 @@
-| After in leading_into_expansion.ts | has properties |
-| AfterX in used_from_expansion.ts | has properties |
+| After in library-tests/TypeScript/ExpansiveTypes/leading_into_expansion.ts | has properties |
+| AfterX in library-tests/TypeScript/ExpansiveTypes/used_from_expansion.ts | has properties |
 | Array in global scope | has properties |
-| Before in leading_into_expansion.ts | has properties |
-| BeforeX in used_from_expansion.ts | has properties |
-| Box in shared_non_expansive.ts | has properties |
-| Box in through_non_expansive.ts | has properties |
-| C in expansive_class.ts | has properties |
-| Expand in through_non_expansive.ts | has properties |
-| ExpandUsingObjectLiteral in expansive_object_literal.ts | has properties |
-| Expansive in leading_into_expansion.ts | has properties |
-| Expansive in simple.ts | has properties |
-| ExpansiveA in mutual.ts | has properties |
-| ExpansiveA in mutual_multigraph.ts | has properties |
-| ExpansiveB in mutual.ts | has properties |
-| ExpansiveB in mutual_multigraph.ts | has properties |
-| ExpansiveByInference in expansive_by_inference.ts | has properties |
-| ExpansiveC in mutual.ts | has properties |
-| ExpansiveC in mutual_multigraph.ts | has properties |
-| ExpansiveConstructSignature in expansive_signature.ts | has properties |
-| ExpansiveD in mutual.ts | has properties |
-| ExpansiveD in mutual_multigraph.ts | has properties |
-| ExpansiveFunctionType in expansive_signature.ts | has properties |
-| ExpansiveMethod in expansive_signature.ts | has properties |
-| ExpansiveParameter in expansive_signature.ts | has properties |
-| ExpansiveSignature in expansive_signature.ts | has properties |
-| ExpansiveSignatureTypeBound in expansive_signature.ts | has properties |
-| ExpansiveX in used_from_expansion.ts | has properties |
+| Before in library-tests/TypeScript/ExpansiveTypes/leading_into_expansion.ts | has properties |
+| BeforeX in library-tests/TypeScript/ExpansiveTypes/used_from_expansion.ts | has properties |
+| Box in library-tests/TypeScript/ExpansiveTypes/shared_non_expansive.ts | has properties |
+| Box in library-tests/TypeScript/ExpansiveTypes/through_non_expansive.ts | has properties |
+| C in library-tests/TypeScript/ExpansiveTypes/expansive_class.ts | has properties |
+| Expand in library-tests/TypeScript/ExpansiveTypes/through_non_expansive.ts | has properties |
+| ExpandUsingObjectLiteral in library-tests/TypeScript/ExpansiveTypes/expansive_object_literal.ts | has properties |
+| Expansive in library-tests/TypeScript/ExpansiveTypes/leading_into_expansion.ts | has properties |
+| Expansive in library-tests/TypeScript/ExpansiveTypes/simple.ts | has properties |
+| ExpansiveA in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has properties |
+| ExpansiveA in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has properties |
+| ExpansiveB in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has properties |
+| ExpansiveB in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has properties |
+| ExpansiveByInference in library-tests/TypeScript/ExpansiveTypes/expansive_by_inference.ts | has properties |
+| ExpansiveC in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has properties |
+| ExpansiveC in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has properties |
+| ExpansiveConstructSignature in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has properties |
+| ExpansiveD in library-tests/TypeScript/ExpansiveTypes/mutual.ts | has properties |
+| ExpansiveD in library-tests/TypeScript/ExpansiveTypes/mutual_multigraph.ts | has properties |
+| ExpansiveFunctionType in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has properties |
+| ExpansiveMethod in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has properties |
+| ExpansiveParameter in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has properties |
+| ExpansiveSignature in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has properties |
+| ExpansiveSignatureTypeBound in library-tests/TypeScript/ExpansiveTypes/expansive_signature.ts | has properties |
+| ExpansiveX in library-tests/TypeScript/ExpansiveTypes/used_from_expansion.ts | has properties |
 | Intl.CollatorOptions in global scope | has properties |
 | Intl.NumberFormatOptions in global scope | has properties |
-| NonExpansive in shared_non_expansive.ts | has properties |
+| NonExpansive in library-tests/TypeScript/ExpansiveTypes/shared_non_expansive.ts | has properties |

javascript/ql/test/library-tests/TypeScript/QualifiedNameResolution/Namespaces.expected

@@ -1,34 +1,34 @@
-| A in enums.ts |
-| A in export-qualified.ts |
-| A in namespaces.ts |
-| A.B in export-qualified.ts |
-| A.C in namespaces.ts |
-| A.E in enums.ts |
+| A in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
+| A in library-tests/TypeScript/QualifiedNameResolution/export-qualified.ts |
+| A in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| A.B in library-tests/TypeScript/QualifiedNameResolution/export-qualified.ts |
+| A.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| A.E in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
 | B in namespaces.ts:3 |
 | B in namespaces.ts:10 |
 | B.Bx in namespaces.ts:3 |
 | B.Bx in namespaces.ts:10 |
-| D in export-specifiers.ts |
-| D in namespaces.ts |
-| D in otherlib.ts |
-| D.F in namespaces.ts |
+| D in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
+| D in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| D in library-tests/TypeScript/QualifiedNameResolution/otherlib.ts |
+| D.F in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
 | E in namespaces.ts:17 |
 | E in namespaces.ts:22 |
 | Foo in global scope |
-| G in namespaces.ts |
-| G.J in namespaces.ts |
+| G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| G.J in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
 | Glob in global scope |
 | H in namespaces.ts:27 |
 | H.I in namespaces.ts:27 |
 | Intl in global scope |
-| N in export-specifiers.ts |
+| N in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
 | X in global scope |
-| X in namespaces.ts |
-| X.Y in namespaces.ts |
-| X.Y.Z in namespaces.ts |
+| X in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| X.Y in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| X.Y.Z in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
 | Y in global scope |
-| export-class.ts |
-| namespaces.ts |
-| otherlib.ts |
-| reexport-all.ts |
-| reexport-named.ts |
+| library-tests/TypeScript/QualifiedNameResolution/export-class.ts |
+| library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| library-tests/TypeScript/QualifiedNameResolution/otherlib.ts |
+| library-tests/TypeScript/QualifiedNameResolution/reexport-all.ts |
+| library-tests/TypeScript/QualifiedNameResolution/reexport-named.ts |

javascript/ql/test/library-tests/TypeScript/QualifiedNameResolution/ResolveNamespace.expected

@@ -1,31 +1,31 @@
 | ambient.ts:5:16:5:18 | Foo | Foo in global scope |
-| enums.ts:9:8:9:8 | A | A in enums.ts |
-| enums.ts:9:8:9:10 | A.E | A.E in enums.ts |
-| enums.ts:10:8:10:8 | A | A in enums.ts |
-| export-qualified-client.ts:3:8:3:9 | AB | A.B in export-qualified.ts |
-| export-specifiers-client.ts:4:8:4:8 | N | N in export-specifiers.ts |
-| export-specifiers-client.ts:5:8:5:8 | D | D in export-specifiers.ts |
+| enums.ts:9:8:9:8 | A | A in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
+| enums.ts:9:8:9:10 | A.E | A.E in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
+| enums.ts:10:8:10:8 | A | A in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
+| export-qualified-client.ts:3:8:3:9 | AB | A.B in library-tests/TypeScript/QualifiedNameResolution/export-qualified.ts |
+| export-specifiers-client.ts:4:8:4:8 | N | N in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
+| export-specifiers-client.ts:5:8:5:8 | D | D in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
 | global.ts:5:9:5:12 | Glob | Glob in global scope |
 | import-in-namespace.ts:9:13:9:13 | A | X in global scope |
-| namespaces-client.ts:4:9:4:10 | ns | namespaces.ts |
-| namespaces-client.ts:4:9:4:12 | ns.G | G in namespaces.ts |
-| namespaces-client.ts:5:9:5:9 | G | G in namespaces.ts |
-| namespaces-client.ts:6:9:6:9 | G | G in namespaces.ts |
-| namespaces-client.ts:6:9:6:11 | G.J | G.J in namespaces.ts |
-| reexport-all-client.ts:4:9:4:10 | ns | reexport-all.ts |
-| reexport-all-client.ts:4:9:4:12 | ns.G | G in namespaces.ts |
-| reexport-all-client.ts:5:9:5:9 | G | G in namespaces.ts |
-| reexport-all-client.ts:6:9:6:9 | G | G in namespaces.ts |
-| reexport-all-client.ts:6:9:6:11 | G.J | G.J in namespaces.ts |
-| reexport-all-client.ts:8:8:8:8 | D | D in otherlib.ts |
-| reexport-all-client.ts:9:8:9:9 | ns | reexport-all.ts |
-| reexport-all-client.ts:9:8:9:11 | ns.D | D in otherlib.ts |
-| reexport-all-client.ts:11:8:11:9 | ns | reexport-all.ts |
-| reexport-named-client.ts:4:9:4:10 | ns | reexport-named.ts |
-| reexport-named-client.ts:4:9:4:12 | ns.G | G in namespaces.ts |
-| reexport-named-client.ts:5:9:5:9 | G | G in namespaces.ts |
-| reexport-named-client.ts:6:9:6:9 | G | G in namespaces.ts |
-| reexport-named-client.ts:6:9:6:11 | G.J | G.J in namespaces.ts |
-| reexport-named-client.ts:8:8:8:8 | X | D in namespaces.ts |
-| reexport-named-client.ts:9:8:9:9 | ns | reexport-named.ts |
-| reexport-named-client.ts:9:8:9:11 | ns.X | D in namespaces.ts |
+| namespaces-client.ts:4:9:4:10 | ns | library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| namespaces-client.ts:4:9:4:12 | ns.G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| namespaces-client.ts:5:9:5:9 | G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| namespaces-client.ts:6:9:6:9 | G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| namespaces-client.ts:6:9:6:11 | G.J | G.J in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:4:9:4:10 | ns | library-tests/TypeScript/QualifiedNameResolution/reexport-all.ts |
+| reexport-all-client.ts:4:9:4:12 | ns.G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:5:9:5:9 | G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:6:9:6:9 | G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:6:9:6:11 | G.J | G.J in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:8:8:8:8 | D | D in library-tests/TypeScript/QualifiedNameResolution/otherlib.ts |
+| reexport-all-client.ts:9:8:9:9 | ns | library-tests/TypeScript/QualifiedNameResolution/reexport-all.ts |
+| reexport-all-client.ts:9:8:9:11 | ns.D | D in library-tests/TypeScript/QualifiedNameResolution/otherlib.ts |
+| reexport-all-client.ts:11:8:11:9 | ns | library-tests/TypeScript/QualifiedNameResolution/reexport-all.ts |
+| reexport-named-client.ts:4:9:4:10 | ns | library-tests/TypeScript/QualifiedNameResolution/reexport-named.ts |
+| reexport-named-client.ts:4:9:4:12 | ns.G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:5:9:5:9 | G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:6:9:6:9 | G | G in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:6:9:6:11 | G.J | G.J in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:8:8:8:8 | X | D in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:9:8:9:9 | ns | library-tests/TypeScript/QualifiedNameResolution/reexport-named.ts |
+| reexport-named-client.ts:9:8:9:11 | ns.X | D in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |

javascript/ql/test/library-tests/TypeScript/QualifiedNameResolution/ResolveTypeName.expected

@@ -1,23 +1,23 @@
 | ambient.ts:5:16:5:20 | Foo.C | Foo.C in global scope |
-| enums.ts:9:8:9:12 | A.E.x | A.E.x in enums.ts |
-| enums.ts:10:8:10:10 | A.E | A.E in enums.ts |
-| export-class-client-renamed.ts:3:8:3:8 | X | Banana in export-class.ts |
-| export-class-client.ts:3:8:3:13 | Banana | Banana in export-class.ts |
-| export-qualified-client.ts:3:8:3:11 | AB.C | A.B.C in export-qualified.ts |
-| export-specifiers-client.ts:4:8:4:10 | N.C | N.C in export-specifiers.ts |
-| export-specifiers-client.ts:5:8:5:10 | D.C | D.C in export-specifiers.ts |
-| export-specifiers-client.ts:6:8:6:8 | C | C in export-specifiers.ts |
+| enums.ts:9:8:9:12 | A.E.x | A.E.x in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
+| enums.ts:10:8:10:10 | A.E | A.E in library-tests/TypeScript/QualifiedNameResolution/enums.ts |
+| export-class-client-renamed.ts:3:8:3:8 | X | Banana in library-tests/TypeScript/QualifiedNameResolution/export-class.ts |
+| export-class-client.ts:3:8:3:13 | Banana | Banana in library-tests/TypeScript/QualifiedNameResolution/export-class.ts |
+| export-qualified-client.ts:3:8:3:11 | AB.C | A.B.C in library-tests/TypeScript/QualifiedNameResolution/export-qualified.ts |
+| export-specifiers-client.ts:4:8:4:10 | N.C | N.C in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
+| export-specifiers-client.ts:5:8:5:10 | D.C | D.C in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
+| export-specifiers-client.ts:6:8:6:8 | C | C in library-tests/TypeScript/QualifiedNameResolution/export-specifiers.ts |
 | global.ts:5:9:5:14 | Glob.C | Glob.C in global scope |
 | import-in-namespace.ts:9:13:9:15 | A.C | X.C in global scope |
 | import-in-namespace.ts:10:13:10:13 | D | X.C in global scope |
-| namespaces-client.ts:4:9:4:14 | ns.G.C | G.C in namespaces.ts |
-| namespaces-client.ts:5:9:5:11 | G.C | G.C in namespaces.ts |
-| namespaces-client.ts:6:9:6:13 | G.J.C | G.J.C in namespaces.ts |
-| reexport-all-client.ts:4:9:4:14 | ns.G.C | G.C in namespaces.ts |
-| reexport-all-client.ts:5:9:5:11 | G.C | G.C in namespaces.ts |
-| reexport-all-client.ts:6:9:6:13 | G.J.C | G.J.C in namespaces.ts |
-| reexport-all-client.ts:11:8:11:16 | ns.Banana | Banana in export-class.ts |
-| reexport-named-client.ts:4:9:4:14 | ns.G.C | G.C in namespaces.ts |
-| reexport-named-client.ts:5:9:5:11 | G.C | G.C in namespaces.ts |
-| reexport-named-client.ts:6:9:6:13 | G.J.C | G.J.C in namespaces.ts |
-| reexport-named-client.ts:11:9:11:9 | Y | Banana in export-class.ts |
+| namespaces-client.ts:4:9:4:14 | ns.G.C | G.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| namespaces-client.ts:5:9:5:11 | G.C | G.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| namespaces-client.ts:6:9:6:13 | G.J.C | G.J.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:4:9:4:14 | ns.G.C | G.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:5:9:5:11 | G.C | G.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:6:9:6:13 | G.J.C | G.J.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-all-client.ts:11:8:11:16 | ns.Banana | Banana in library-tests/TypeScript/QualifiedNameResolution/export-class.ts |
+| reexport-named-client.ts:4:9:4:14 | ns.G.C | G.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:5:9:5:11 | G.C | G.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:6:9:6:13 | G.J.C | G.J.C in library-tests/TypeScript/QualifiedNameResolution/namespaces.ts |
+| reexport-named-client.ts:11:9:11:9 | Y | Banana in library-tests/TypeScript/QualifiedNameResolution/export-class.ts |

javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.expected

@@ -3,8 +3,8 @@
 | Intl.CollatorOptions in global scope |
 | Intl.NumberFormatOptions in global scope |
 | MK in unknown scope |
-| Mapped in test.ts |
+| Mapped in library-tests/TypeScript/RegressionTests/EmptyName/test.ts |
 | RegExp in global scope |
 | RegExpMatchArray in global scope |
-| fn in test.ts |
-| test.ts |
+| fn in library-tests/TypeScript/RegressionTests/EmptyName/test.ts |
+| library-tests/TypeScript/RegressionTests/EmptyName/test.ts |

javascript/ql/test/library-tests/TypeScript/RegressionTests/ExportEqualsExpr/test.expected

@@ -1,7 +1,7 @@
 | "bar" in global scope |
 | C in module 'bar' |
 | Foo in global scope |
-| Foo in tst.ts |
+| Foo in library-tests/TypeScript/RegressionTests/ExportEqualsExpr/tst.ts |
+| library-tests/TypeScript/RegressionTests/ExportEqualsExpr/tst.ts |
 | module 'bar' |
 | module 'foo' |
-| tst.ts |

javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.expected

@@ -1,4 +1,4 @@
 | Bar.Foo in global scope | Bar in global scope |
 | Intl.CollatorOptions in global scope | Intl in global scope |
 | Intl.NumberFormatOptions in global scope | Intl in global scope |
-| fn in test.ts | test.ts |
+| fn in library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts | library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts |

javascript/ql/test/library-tests/TypeScript/SyntaxErrors/SyntaxErrors.expected

@@ -1 +1 @@
-| jsdocTypes.ts | This file contains a parse error |
+| library-tests/TypeScript/SyntaxErrors/jsdocTypes.ts | This file contains a parse error |

javascript/ql/test/library-tests/TypeScript/Types/GetExprType.expected

@@ -1,4 +1,4 @@
-| boolean-type.ts:1:13:1:17 | dummy | typeof dummy.ts |
+| boolean-type.ts:1:13:1:17 | dummy | typeof library-tests/TypeScript/Types/dummy.ts |
 | boolean-type.ts:1:24:1:32 | "./dummy" | any |
 | boolean-type.ts:3:5:3:9 | true1 | true |
 | boolean-type.ts:4:5:4:9 | true2 | true |
@@ -12,7 +12,7 @@
 | boolean-type.ts:15:5:15:12 | boolean6 | boolean |
 | dummy.ts:2:12:2:12 | x | number |
 | dummy.ts:2:16:2:16 | 5 | 5 |
-| tst.ts:1:13:1:17 | dummy | typeof dummy.ts |
+| tst.ts:1:13:1:17 | dummy | typeof library-tests/TypeScript/Types/dummy.ts |
 | tst.ts:1:24:1:32 | "./dummy" | any |
 | tst.ts:3:5:3:10 | numVar | number |
 | tst.ts:5:5:5:8 | num1 | number |
@@ -117,18 +117,18 @@
 | type_alias.ts:26:19:26:20 | id | string |
 | type_alias.ts:26:23:26:36 | "second-child" | "second-child" |
 | type_alias.ts:26:41:26:62 | "I'm th ...  child" | "I'm the second child" |
-| type_definition_objects.ts:1:13:1:17 | dummy | typeof dummy.ts |
+| type_definition_objects.ts:1:13:1:17 | dummy | typeof library-tests/TypeScript/Types/dummy.ts |
 | type_definition_objects.ts:1:24:1:32 | "./dummy" | any |
 | type_definition_objects.ts:3:14:3:14 | C | C |
-| type_definition_objects.ts:4:5:4:12 | classObj | typeof C in type_definition_objects.ts |
-| type_definition_objects.ts:4:16:4:16 | C | typeof C in type_definition_objects.ts |
+| type_definition_objects.ts:4:5:4:12 | classObj | typeof C in library-tests/TypeScript/Types/type_definition_objects.ts |
+| type_definition_objects.ts:4:16:4:16 | C | typeof C in library-tests/TypeScript/Types/type_definition_objects.ts |
 | type_definition_objects.ts:6:13:6:13 | E | E |
-| type_definition_objects.ts:7:5:7:11 | enumObj | typeof E in type_definition_objects.ts |
-| type_definition_objects.ts:7:15:7:15 | E | typeof E in type_definition_objects.ts |
-| type_definition_objects.ts:9:18:9:18 | N | typeof N in type_definition_objects.ts |
-| type_definition_objects.ts:10:5:10:16 | namespaceObj | typeof N in type_definition_objects.ts |
-| type_definition_objects.ts:10:20:10:20 | N | typeof N in type_definition_objects.ts |
-| type_definitions.ts:1:13:1:17 | dummy | typeof dummy.ts |
+| type_definition_objects.ts:7:5:7:11 | enumObj | typeof E in library-tests/TypeScript/Types/type_definition_objects.ts |
+| type_definition_objects.ts:7:15:7:15 | E | typeof E in library-tests/TypeScript/Types/type_definition_objects.ts |
+| type_definition_objects.ts:9:18:9:18 | N | typeof N in library-tests/TypeScript/Types/type_definition_objects.ts |
+| type_definition_objects.ts:10:5:10:16 | namespaceObj | typeof N in library-tests/TypeScript/Types/type_definition_objects.ts |
+| type_definition_objects.ts:10:20:10:20 | N | typeof N in library-tests/TypeScript/Types/type_definition_objects.ts |
+| type_definitions.ts:1:13:1:17 | dummy | typeof library-tests/TypeScript/Types/dummy.ts |
 | type_definitions.ts:1:24:1:32 | "./dummy" | any |
 | type_definitions.ts:4:3:4:3 | x | S |
 | type_definitions.ts:6:5:6:5 | i | I<number> |

javascript/ql/test/queries.xml

@@ -0,0 +1 @@
+<queries language="javascript"/>

javascript/ql/test/query-tests/Metrics/ExternalDependencies/ExternalDependencies.expected

@@ -1,9 +1,9 @@
-| /src/tst.html<\|>jquery<\|>23.0.0 | 4 |
-| /src/a.js<\|>lib3<\|>unknown | 3 |
-| /src/tst.html<\|>jquery<\|>42.0.0 | 3 |
-| /src/a.js<\|>lib1<\|>1.0.2 | 2 |
-| /src/b.js<\|>lib3<\|>unknown | 2 |
-| /src/a.js<\|>lib2<\|>1.0.0 | 1 |
-| /src/b.js<\|>lib2<\|>1.0.0 | 1 |
-| /src/sub/c.js<\|>lib1<\|>1.0.2 | 1 |
-| /src/sub/subsub/d.js<\|>lib1<\|>1.0.3 | 1 |
+| /query-tests/Metrics/ExternalDependencies/src/tst.html<\|>jquery<\|>23.0.0 | 4 |
+| /query-tests/Metrics/ExternalDependencies/src/a.js<\|>lib3<\|>unknown | 3 |
+| /query-tests/Metrics/ExternalDependencies/src/tst.html<\|>jquery<\|>42.0.0 | 3 |
+| /query-tests/Metrics/ExternalDependencies/src/a.js<\|>lib1<\|>1.0.2 | 2 |
+| /query-tests/Metrics/ExternalDependencies/src/b.js<\|>lib3<\|>unknown | 2 |
+| /query-tests/Metrics/ExternalDependencies/src/a.js<\|>lib2<\|>1.0.0 | 1 |
+| /query-tests/Metrics/ExternalDependencies/src/b.js<\|>lib2<\|>1.0.0 | 1 |
+| /query-tests/Metrics/ExternalDependencies/src/sub/c.js<\|>lib1<\|>1.0.2 | 1 |
+| /query-tests/Metrics/ExternalDependencies/src/sub/subsub/d.js<\|>lib1<\|>1.0.3 | 1 |

javascript/ql/test/query-tests/NodeJS/CyclicImport/CyclicImport.expected

@@ -1,7 +1,7 @@
 | a.js:4:9:4:25 | require('./b.js') | Module a imports module b, which in turn $@ it. | b.js:4:9:4:25 | require('./a.js') | imports |
 | b.js:4:9:4:25 | require('./a.js') | Module b imports module a, which in turn $@ it. | a.js:4:9:4:25 | require('./b.js') | imports |
 | selfimport.js:1:1:1:23 | require ... mport') | Module selfimport directly imports itself. | selfimport.js:1:1:1:24 | <toplevel> |  |
-| test1/a.js:1:1:1:27 | require ... ner/a') | Module /test1/a.js imports module .../inner/a.js, which in turn $@ it. | test2/inner/a.js:1:1:1:24 | require ... st1/a') | imports |
+| test1/a.js:1:1:1:27 | require ... ner/a') | Module .../test1/a.js imports module .../inner/a.js, which in turn $@ it. | test2/inner/a.js:1:1:1:24 | require ... st1/a') | imports |
 | test1/a.js:2:1:2:14 | require('./b') | Module a imports module b, which in turn $@ it. | test1/b.js:1:1:1:27 | require ... ner/a') | indirectly imports |
 | test1/b.js:1:1:1:27 | require ... ner/a') | Module b imports module a, which in turn $@ it. | test2/inner/a.js:1:1:1:24 | require ... st1/a') | indirectly imports |
-| test2/inner/a.js:1:1:1:24 | require ... st1/a') | Module .../inner/a.js imports module /test1/a.js, which in turn $@ it. | test1/a.js:1:1:1:27 | require ... ner/a') | imports |
+| test2/inner/a.js:1:1:1:24 | require ... st1/a') | Module .../inner/a.js imports module .../test1/a.js, which in turn $@ it. | test1/a.js:1:1:1:27 | require ... ner/a') | imports |

javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected

@@ -85,16 +85,16 @@ nodes
 | exception-xss.js:174:53:174:53 | e |
 | exception-xss.js:175:22:175:22 | e |
 | exception-xss.js:175:22:175:22 | e |
-| tst.js:298:9:298:16 | location |
-| tst.js:298:9:298:16 | location |
-| tst.js:299:10:299:10 | e |
-| tst.js:300:20:300:20 | e |
-| tst.js:300:20:300:20 | e |
-| tst.js:305:10:305:17 | location |
-| tst.js:305:10:305:17 | location |
-| tst.js:307:10:307:10 | e |
-| tst.js:308:20:308:20 | e |
-| tst.js:308:20:308:20 | e |
+| tst.js:304:9:304:16 | location |
+| tst.js:304:9:304:16 | location |
+| tst.js:305:10:305:10 | e |
+| tst.js:306:20:306:20 | e |
+| tst.js:306:20:306:20 | e |
+| tst.js:311:10:311:17 | location |
+| tst.js:311:10:311:17 | location |
+| tst.js:313:10:313:10 | e |
+| tst.js:314:20:314:20 | e |
+| tst.js:314:20:314:20 | e |
 edges
 | exception-xss.js:2:9:2:31 | foo | exception-xss.js:9:11:9:13 | foo |
 | exception-xss.js:2:9:2:31 | foo | exception-xss.js:15:9:15:11 | foo |
@@ -177,14 +177,14 @@ edges
 | exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
 | exception-xss.js:174:53:174:53 | e | exception-xss.js:175:22:175:22 | e |
 | exception-xss.js:174:53:174:53 | e | exception-xss.js:175:22:175:22 | e |
-| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
-| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
-| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
-| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
-| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
-| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
-| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
-| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
+| tst.js:304:9:304:16 | location | tst.js:305:10:305:10 | e |
+| tst.js:304:9:304:16 | location | tst.js:305:10:305:10 | e |
+| tst.js:305:10:305:10 | e | tst.js:306:20:306:20 | e |
+| tst.js:305:10:305:10 | e | tst.js:306:20:306:20 | e |
+| tst.js:311:10:311:17 | location | tst.js:313:10:313:10 | e |
+| tst.js:311:10:311:17 | location | tst.js:313:10:313:10 | e |
+| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
+| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
 #select
 | exception-xss.js:11:18:11:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:11:18:11:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
 | exception-xss.js:17:18:17:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:17:18:17:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
@@ -202,5 +202,5 @@ edges
 | exception-xss.js:155:19:155:19 | e | exception-xss.js:146:15:146:31 | document.location | exception-xss.js:155:19:155:19 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:146:15:146:31 | document.location | user-provided value |
 | exception-xss.js:161:19:161:19 | e | exception-xss.js:146:15:146:31 | document.location | exception-xss.js:161:19:161:19 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:146:15:146:31 | document.location | user-provided value |
 | exception-xss.js:175:22:175:22 | e | exception-xss.js:146:15:146:31 | document.location | exception-xss.js:175:22:175:22 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:146:15:146:31 | document.location | user-provided value |
-| tst.js:300:20:300:20 | e | tst.js:298:9:298:16 | location | tst.js:300:20:300:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:298:9:298:16 | location | user-provided value |
-| tst.js:308:20:308:20 | e | tst.js:305:10:305:17 | location | tst.js:308:20:308:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:305:10:305:17 | location | user-provided value |
+| tst.js:306:20:306:20 | e | tst.js:304:9:304:16 | location | tst.js:306:20:306:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:304:9:304:16 | location | user-provided value |
+| tst.js:314:20:314:20 | e | tst.js:311:10:311:17 | location | tst.js:314:20:314:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:311:10:311:17 | location | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/Xss.expected

@@ -234,103 +234,105 @@ nodes
 | tst.js:110:11:110:44 | documen ... bstr(1) |
 | tst.js:113:18:113:18 | v |
 | tst.js:113:18:113:18 | v |
-| tst.js:145:29:145:43 | window.location |
-| tst.js:145:29:145:43 | window.location |
-| tst.js:145:29:145:50 | window. ... .search |
-| tst.js:148:29:148:29 | v |
-| tst.js:148:49:148:49 | v |
-| tst.js:148:49:148:49 | v |
-| tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:155:40:155:54 | window.location |
-| tst.js:155:40:155:54 | window.location |
-| tst.js:155:40:155:61 | window. ... .search |
-| tst.js:174:9:174:41 | target |
-| tst.js:174:18:174:34 | document.location |
-| tst.js:174:18:174:34 | document.location |
-| tst.js:174:18:174:41 | documen ... .search |
-| tst.js:177:28:177:33 | target |
-| tst.js:177:28:177:33 | target |
-| tst.js:181:9:181:42 | tainted |
-| tst.js:181:19:181:35 | document.location |
-| tst.js:181:19:181:35 | document.location |
-| tst.js:181:19:181:42 | documen ... .search |
-| tst.js:183:31:183:37 | tainted |
-| tst.js:183:31:183:37 | tainted |
-| tst.js:185:42:185:48 | tainted |
-| tst.js:185:42:185:48 | tainted |
-| tst.js:186:33:186:39 | tainted |
-| tst.js:186:33:186:39 | tainted |
-| tst.js:188:54:188:60 | tainted |
-| tst.js:188:54:188:60 | tainted |
-| tst.js:189:45:189:51 | tainted |
-| tst.js:189:45:189:51 | tainted |
-| tst.js:194:9:194:42 | tainted |
-| tst.js:194:19:194:35 | document.location |
-| tst.js:194:19:194:35 | document.location |
-| tst.js:194:19:194:42 | documen ... .search |
-| tst.js:196:67:196:73 | tainted |
-| tst.js:196:67:196:73 | tainted |
-| tst.js:197:67:197:73 | tainted |
-| tst.js:197:67:197:73 | tainted |
-| tst.js:201:35:201:41 | tainted |
-| tst.js:203:46:203:52 | tainted |
-| tst.js:204:38:204:44 | tainted |
-| tst.js:205:35:205:41 | tainted |
-| tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:233:35:233:41 | tainted |
-| tst.js:235:20:235:26 | tainted |
-| tst.js:237:23:237:29 | tainted |
-| tst.js:238:23:238:29 | tainted |
-| tst.js:244:39:244:55 | props.propTainted |
-| tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:252:23:252:29 | tainted |
-| tst.js:256:7:256:17 | window.name |
-| tst.js:256:7:256:17 | window.name |
-| tst.js:256:7:256:17 | window.name |
-| tst.js:257:7:257:10 | name |
-| tst.js:257:7:257:10 | name |
-| tst.js:257:7:257:10 | name |
-| tst.js:261:11:261:21 | window.name |
-| tst.js:261:11:261:21 | window.name |
-| tst.js:261:11:261:21 | window.name |
-| tst.js:277:22:277:29 | location |
-| tst.js:277:22:277:29 | location |
-| tst.js:277:22:277:29 | location |
-| tst.js:282:9:282:29 | tainted |
-| tst.js:282:19:282:29 | window.name |
-| tst.js:282:19:282:29 | window.name |
-| tst.js:285:59:285:65 | tainted |
-| tst.js:285:59:285:65 | tainted |
-| tst.js:298:9:298:16 | location |
-| tst.js:298:9:298:16 | location |
-| tst.js:299:10:299:10 | e |
-| tst.js:300:20:300:20 | e |
-| tst.js:300:20:300:20 | e |
-| tst.js:305:10:305:17 | location |
-| tst.js:305:10:305:17 | location |
-| tst.js:307:10:307:10 | e |
-| tst.js:308:20:308:20 | e |
-| tst.js:308:20:308:20 | e |
-| tst.js:313:35:313:42 | location |
-| tst.js:313:35:313:42 | location |
-| tst.js:313:35:313:42 | location |
+| tst.js:139:18:139:18 | v |
+| tst.js:139:18:139:18 | v |
+| tst.js:151:29:151:43 | window.location |
+| tst.js:151:29:151:43 | window.location |
+| tst.js:151:29:151:50 | window. ... .search |
+| tst.js:154:29:154:29 | v |
+| tst.js:154:49:154:49 | v |
+| tst.js:154:49:154:49 | v |
+| tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:161:40:161:54 | window.location |
+| tst.js:161:40:161:54 | window.location |
+| tst.js:161:40:161:61 | window. ... .search |
+| tst.js:180:9:180:41 | target |
+| tst.js:180:18:180:34 | document.location |
+| tst.js:180:18:180:34 | document.location |
+| tst.js:180:18:180:41 | documen ... .search |
+| tst.js:183:28:183:33 | target |
+| tst.js:183:28:183:33 | target |
+| tst.js:187:9:187:42 | tainted |
+| tst.js:187:19:187:35 | document.location |
+| tst.js:187:19:187:35 | document.location |
+| tst.js:187:19:187:42 | documen ... .search |
+| tst.js:189:31:189:37 | tainted |
+| tst.js:189:31:189:37 | tainted |
+| tst.js:191:42:191:48 | tainted |
+| tst.js:191:42:191:48 | tainted |
+| tst.js:192:33:192:39 | tainted |
+| tst.js:192:33:192:39 | tainted |
+| tst.js:194:54:194:60 | tainted |
+| tst.js:194:54:194:60 | tainted |
+| tst.js:195:45:195:51 | tainted |
+| tst.js:195:45:195:51 | tainted |
+| tst.js:200:9:200:42 | tainted |
+| tst.js:200:19:200:35 | document.location |
+| tst.js:200:19:200:35 | document.location |
+| tst.js:200:19:200:42 | documen ... .search |
+| tst.js:202:67:202:73 | tainted |
+| tst.js:202:67:202:73 | tainted |
+| tst.js:203:67:203:73 | tainted |
+| tst.js:203:67:203:73 | tainted |
+| tst.js:207:35:207:41 | tainted |
+| tst.js:209:46:209:52 | tainted |
+| tst.js:210:38:210:44 | tainted |
+| tst.js:211:35:211:41 | tainted |
+| tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:239:35:239:41 | tainted |
+| tst.js:241:20:241:26 | tainted |
+| tst.js:243:23:243:29 | tainted |
+| tst.js:244:23:244:29 | tainted |
+| tst.js:250:39:250:55 | props.propTainted |
+| tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:258:23:258:29 | tainted |
+| tst.js:262:7:262:17 | window.name |
+| tst.js:262:7:262:17 | window.name |
+| tst.js:262:7:262:17 | window.name |
+| tst.js:263:7:263:10 | name |
+| tst.js:263:7:263:10 | name |
+| tst.js:263:7:263:10 | name |
+| tst.js:267:11:267:21 | window.name |
+| tst.js:267:11:267:21 | window.name |
+| tst.js:267:11:267:21 | window.name |
+| tst.js:283:22:283:29 | location |
+| tst.js:283:22:283:29 | location |
+| tst.js:283:22:283:29 | location |
+| tst.js:288:9:288:29 | tainted |
+| tst.js:288:19:288:29 | window.name |
+| tst.js:288:19:288:29 | window.name |
+| tst.js:291:59:291:65 | tainted |
+| tst.js:291:59:291:65 | tainted |
+| tst.js:304:9:304:16 | location |
+| tst.js:304:9:304:16 | location |
+| tst.js:305:10:305:10 | e |
+| tst.js:306:20:306:20 | e |
+| tst.js:306:20:306:20 | e |
+| tst.js:311:10:311:17 | location |
+| tst.js:311:10:311:17 | location |
+| tst.js:313:10:313:10 | e |
+| tst.js:314:20:314:20 | e |
+| tst.js:314:20:314:20 | e |
+| tst.js:319:35:319:42 | location |
+| tst.js:319:35:319:42 | location |
+| tst.js:319:35:319:42 | location |
 | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:38 | document.location |
 | typeahead.js:20:22:20:38 | document.location |
@@ -555,89 +557,91 @@ edges
 | tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
 | tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
 | tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
+| tst.js:110:7:110:44 | v | tst.js:139:18:139:18 | v |
+| tst.js:110:7:110:44 | v | tst.js:139:18:139:18 | v |
 | tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
 | tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
 | tst.js:110:11:110:34 | documen ... .search | tst.js:110:11:110:44 | documen ... bstr(1) |
 | tst.js:110:11:110:44 | documen ... bstr(1) | tst.js:110:7:110:44 | v |
-| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
-| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
-| tst.js:145:29:145:50 | window. ... .search | tst.js:148:29:148:29 | v |
-| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
-| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
-| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
-| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
-| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
-| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
-| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
-| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
-| tst.js:174:18:174:41 | documen ... .search | tst.js:174:9:174:41 | target |
-| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
-| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
-| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
-| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:201:35:201:41 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:203:46:203:52 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:204:38:204:44 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:205:35:205:41 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:233:35:233:41 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:235:20:235:26 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:237:23:237:29 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:238:23:238:29 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:252:23:252:29 | tainted |
-| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
-| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
-| tst.js:194:19:194:42 | documen ... .search | tst.js:194:9:194:42 | tainted |
-| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:252:23:252:29 | tainted | tst.js:244:39:244:55 | props.propTainted |
-| tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name |
-| tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name |
-| tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name |
-| tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location |
-| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
-| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
-| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
-| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
-| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
-| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
-| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
-| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
-| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
-| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
-| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
-| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
-| tst.js:313:35:313:42 | location | tst.js:313:35:313:42 | location |
+| tst.js:151:29:151:43 | window.location | tst.js:151:29:151:50 | window. ... .search |
+| tst.js:151:29:151:43 | window.location | tst.js:151:29:151:50 | window. ... .search |
+| tst.js:151:29:151:50 | window. ... .search | tst.js:154:29:154:29 | v |
+| tst.js:154:29:154:29 | v | tst.js:154:49:154:49 | v |
+| tst.js:154:29:154:29 | v | tst.js:154:49:154:49 | v |
+| tst.js:161:40:161:54 | window.location | tst.js:161:40:161:61 | window. ... .search |
+| tst.js:161:40:161:54 | window.location | tst.js:161:40:161:61 | window. ... .search |
+| tst.js:161:40:161:61 | window. ... .search | tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:161:40:161:61 | window. ... .search | tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:180:9:180:41 | target | tst.js:183:28:183:33 | target |
+| tst.js:180:9:180:41 | target | tst.js:183:28:183:33 | target |
+| tst.js:180:18:180:34 | document.location | tst.js:180:18:180:41 | documen ... .search |
+| tst.js:180:18:180:34 | document.location | tst.js:180:18:180:41 | documen ... .search |
+| tst.js:180:18:180:41 | documen ... .search | tst.js:180:9:180:41 | target |
+| tst.js:187:9:187:42 | tainted | tst.js:189:31:189:37 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:189:31:189:37 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:191:42:191:48 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:191:42:191:48 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:192:33:192:39 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:192:33:192:39 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:194:54:194:60 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:194:54:194:60 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:195:45:195:51 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:195:45:195:51 | tainted |
+| tst.js:187:19:187:35 | document.location | tst.js:187:19:187:42 | documen ... .search |
+| tst.js:187:19:187:35 | document.location | tst.js:187:19:187:42 | documen ... .search |
+| tst.js:187:19:187:42 | documen ... .search | tst.js:187:9:187:42 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:202:67:202:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:202:67:202:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:203:67:203:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:203:67:203:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:207:35:207:41 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:209:46:209:52 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:210:38:210:44 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:211:35:211:41 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:239:35:239:41 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:241:20:241:26 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:243:23:243:29 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:244:23:244:29 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:258:23:258:29 | tainted |
+| tst.js:200:19:200:35 | document.location | tst.js:200:19:200:42 | documen ... .search |
+| tst.js:200:19:200:35 | document.location | tst.js:200:19:200:42 | documen ... .search |
+| tst.js:200:19:200:42 | documen ... .search | tst.js:200:9:200:42 | tainted |
+| tst.js:207:35:207:41 | tainted | tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:207:35:207:41 | tainted | tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:209:46:209:52 | tainted | tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:209:46:209:52 | tainted | tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:210:38:210:44 | tainted | tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:210:38:210:44 | tainted | tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:211:35:211:41 | tainted | tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:211:35:211:41 | tainted | tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:239:35:239:41 | tainted | tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:239:35:239:41 | tainted | tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:241:20:241:26 | tainted | tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:241:20:241:26 | tainted | tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:243:23:243:29 | tainted | tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:243:23:243:29 | tainted | tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:244:23:244:29 | tainted | tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:244:23:244:29 | tainted | tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:250:39:250:55 | props.propTainted | tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:250:39:250:55 | props.propTainted | tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:258:23:258:29 | tainted | tst.js:250:39:250:55 | props.propTainted |
+| tst.js:262:7:262:17 | window.name | tst.js:262:7:262:17 | window.name |
+| tst.js:263:7:263:10 | name | tst.js:263:7:263:10 | name |
+| tst.js:267:11:267:21 | window.name | tst.js:267:11:267:21 | window.name |
+| tst.js:283:22:283:29 | location | tst.js:283:22:283:29 | location |
+| tst.js:288:9:288:29 | tainted | tst.js:291:59:291:65 | tainted |
+| tst.js:288:9:288:29 | tainted | tst.js:291:59:291:65 | tainted |
+| tst.js:288:19:288:29 | window.name | tst.js:288:9:288:29 | tainted |
+| tst.js:288:19:288:29 | window.name | tst.js:288:9:288:29 | tainted |
+| tst.js:304:9:304:16 | location | tst.js:305:10:305:10 | e |
+| tst.js:304:9:304:16 | location | tst.js:305:10:305:10 | e |
+| tst.js:305:10:305:10 | e | tst.js:306:20:306:20 | e |
+| tst.js:305:10:305:10 | e | tst.js:306:20:306:20 | e |
+| tst.js:311:10:311:17 | location | tst.js:313:10:313:10 | e |
+| tst.js:311:10:311:17 | location | tst.js:313:10:313:10 | e |
+| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
+| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
+| tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location |
 | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
 | typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
 | typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
@@ -709,33 +713,34 @@ edges
 | tst.js:99:30:99:53 | documen ... .search | tst.js:99:30:99:46 | document.location | tst.js:99:30:99:53 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:99:30:99:46 | document.location | user-provided value |
 | tst.js:105:25:105:48 | documen ... .search | tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:105:25:105:41 | document.location | user-provided value |
 | tst.js:113:18:113:18 | v | tst.js:110:11:110:27 | document.location | tst.js:113:18:113:18 | v | Cross-site scripting vulnerability due to $@. | tst.js:110:11:110:27 | document.location | user-provided value |
-| tst.js:148:49:148:49 | v | tst.js:145:29:145:43 | window.location | tst.js:148:49:148:49 | v | Cross-site scripting vulnerability due to $@. | tst.js:145:29:145:43 | window.location | user-provided value |
-| tst.js:152:29:152:46 | xssSourceService() | tst.js:155:40:155:54 | window.location | tst.js:152:29:152:46 | xssSourceService() | Cross-site scripting vulnerability due to $@. | tst.js:155:40:155:54 | window.location | user-provided value |
-| tst.js:177:28:177:33 | target | tst.js:174:18:174:34 | document.location | tst.js:177:28:177:33 | target | Cross-site scripting vulnerability due to $@. | tst.js:174:18:174:34 | document.location | user-provided value |
-| tst.js:183:31:183:37 | tainted | tst.js:181:19:181:35 | document.location | tst.js:183:31:183:37 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:35 | document.location | user-provided value |
-| tst.js:185:42:185:48 | tainted | tst.js:181:19:181:35 | document.location | tst.js:185:42:185:48 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:35 | document.location | user-provided value |
-| tst.js:186:33:186:39 | tainted | tst.js:181:19:181:35 | document.location | tst.js:186:33:186:39 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:35 | document.location | user-provided value |
-| tst.js:188:54:188:60 | tainted | tst.js:181:19:181:35 | document.location | tst.js:188:54:188:60 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:35 | document.location | user-provided value |
-| tst.js:189:45:189:51 | tainted | tst.js:181:19:181:35 | document.location | tst.js:189:45:189:51 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:35 | document.location | user-provided value |
-| tst.js:196:67:196:73 | tainted | tst.js:194:19:194:35 | document.location | tst.js:196:67:196:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:197:67:197:73 | tainted | tst.js:194:19:194:35 | document.location | tst.js:197:67:197:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:209:28:209:46 | this.state.tainted1 | tst.js:194:19:194:35 | document.location | tst.js:209:28:209:46 | this.state.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:210:28:210:46 | this.state.tainted2 | tst.js:194:19:194:35 | document.location | tst.js:210:28:210:46 | this.state.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:211:28:211:46 | this.state.tainted3 | tst.js:194:19:194:35 | document.location | tst.js:211:28:211:46 | this.state.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:215:32:215:49 | prevState.tainted4 | tst.js:194:19:194:35 | document.location | tst.js:215:32:215:49 | prevState.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:222:28:222:46 | this.props.tainted1 | tst.js:194:19:194:35 | document.location | tst.js:222:28:222:46 | this.props.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:223:28:223:46 | this.props.tainted2 | tst.js:194:19:194:35 | document.location | tst.js:223:28:223:46 | this.props.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:224:28:224:46 | this.props.tainted3 | tst.js:194:19:194:35 | document.location | tst.js:224:28:224:46 | this.props.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:228:32:228:49 | prevProps.tainted4 | tst.js:194:19:194:35 | document.location | tst.js:228:32:228:49 | prevProps.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:248:60:248:82 | this.st ... Tainted | tst.js:194:19:194:35 | document.location | tst.js:248:60:248:82 | this.st ... Tainted | Cross-site scripting vulnerability due to $@. | tst.js:194:19:194:35 | document.location | user-provided value |
-| tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:256:7:256:17 | window.name | user-provided value |
-| tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name | Cross-site scripting vulnerability due to $@. | tst.js:257:7:257:10 | name | user-provided value |
-| tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:261:11:261:21 | window.name | user-provided value |
-| tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location | Cross-site scripting vulnerability due to $@. | tst.js:277:22:277:29 | location | user-provided value |
-| tst.js:285:59:285:65 | tainted | tst.js:282:19:282:29 | window.name | tst.js:285:59:285:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:282:19:282:29 | window.name | user-provided value |
-| tst.js:300:20:300:20 | e | tst.js:298:9:298:16 | location | tst.js:300:20:300:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:298:9:298:16 | location | user-provided value |
-| tst.js:308:20:308:20 | e | tst.js:305:10:305:17 | location | tst.js:308:20:308:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:305:10:305:17 | location | user-provided value |
-| tst.js:313:35:313:42 | location | tst.js:313:35:313:42 | location | tst.js:313:35:313:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:313:35:313:42 | location | user-provided value |
+| tst.js:139:18:139:18 | v | tst.js:110:11:110:27 | document.location | tst.js:139:18:139:18 | v | Cross-site scripting vulnerability due to $@. | tst.js:110:11:110:27 | document.location | user-provided value |
+| tst.js:154:49:154:49 | v | tst.js:151:29:151:43 | window.location | tst.js:154:49:154:49 | v | Cross-site scripting vulnerability due to $@. | tst.js:151:29:151:43 | window.location | user-provided value |
+| tst.js:158:29:158:46 | xssSourceService() | tst.js:161:40:161:54 | window.location | tst.js:158:29:158:46 | xssSourceService() | Cross-site scripting vulnerability due to $@. | tst.js:161:40:161:54 | window.location | user-provided value |
+| tst.js:183:28:183:33 | target | tst.js:180:18:180:34 | document.location | tst.js:183:28:183:33 | target | Cross-site scripting vulnerability due to $@. | tst.js:180:18:180:34 | document.location | user-provided value |
+| tst.js:189:31:189:37 | tainted | tst.js:187:19:187:35 | document.location | tst.js:189:31:189:37 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:187:19:187:35 | document.location | user-provided value |
+| tst.js:191:42:191:48 | tainted | tst.js:187:19:187:35 | document.location | tst.js:191:42:191:48 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:187:19:187:35 | document.location | user-provided value |
+| tst.js:192:33:192:39 | tainted | tst.js:187:19:187:35 | document.location | tst.js:192:33:192:39 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:187:19:187:35 | document.location | user-provided value |
+| tst.js:194:54:194:60 | tainted | tst.js:187:19:187:35 | document.location | tst.js:194:54:194:60 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:187:19:187:35 | document.location | user-provided value |
+| tst.js:195:45:195:51 | tainted | tst.js:187:19:187:35 | document.location | tst.js:195:45:195:51 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:187:19:187:35 | document.location | user-provided value |
+| tst.js:202:67:202:73 | tainted | tst.js:200:19:200:35 | document.location | tst.js:202:67:202:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:203:67:203:73 | tainted | tst.js:200:19:200:35 | document.location | tst.js:203:67:203:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:215:28:215:46 | this.state.tainted1 | tst.js:200:19:200:35 | document.location | tst.js:215:28:215:46 | this.state.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:216:28:216:46 | this.state.tainted2 | tst.js:200:19:200:35 | document.location | tst.js:216:28:216:46 | this.state.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:217:28:217:46 | this.state.tainted3 | tst.js:200:19:200:35 | document.location | tst.js:217:28:217:46 | this.state.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:221:32:221:49 | prevState.tainted4 | tst.js:200:19:200:35 | document.location | tst.js:221:32:221:49 | prevState.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:228:28:228:46 | this.props.tainted1 | tst.js:200:19:200:35 | document.location | tst.js:228:28:228:46 | this.props.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:229:28:229:46 | this.props.tainted2 | tst.js:200:19:200:35 | document.location | tst.js:229:28:229:46 | this.props.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:230:28:230:46 | this.props.tainted3 | tst.js:200:19:200:35 | document.location | tst.js:230:28:230:46 | this.props.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:234:32:234:49 | prevProps.tainted4 | tst.js:200:19:200:35 | document.location | tst.js:234:32:234:49 | prevProps.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:254:60:254:82 | this.st ... Tainted | tst.js:200:19:200:35 | document.location | tst.js:254:60:254:82 | this.st ... Tainted | Cross-site scripting vulnerability due to $@. | tst.js:200:19:200:35 | document.location | user-provided value |
+| tst.js:262:7:262:17 | window.name | tst.js:262:7:262:17 | window.name | tst.js:262:7:262:17 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:262:7:262:17 | window.name | user-provided value |
+| tst.js:263:7:263:10 | name | tst.js:263:7:263:10 | name | tst.js:263:7:263:10 | name | Cross-site scripting vulnerability due to $@. | tst.js:263:7:263:10 | name | user-provided value |
+| tst.js:267:11:267:21 | window.name | tst.js:267:11:267:21 | window.name | tst.js:267:11:267:21 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:267:11:267:21 | window.name | user-provided value |
+| tst.js:283:22:283:29 | location | tst.js:283:22:283:29 | location | tst.js:283:22:283:29 | location | Cross-site scripting vulnerability due to $@. | tst.js:283:22:283:29 | location | user-provided value |
+| tst.js:291:59:291:65 | tainted | tst.js:288:19:288:29 | window.name | tst.js:291:59:291:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:288:19:288:29 | window.name | user-provided value |
+| tst.js:306:20:306:20 | e | tst.js:304:9:304:16 | location | tst.js:306:20:306:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:304:9:304:16 | location | user-provided value |
+| tst.js:314:20:314:20 | e | tst.js:311:10:311:17 | location | tst.js:314:20:314:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:311:10:311:17 | location | user-provided value |
+| tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:319:35:319:42 | location | user-provided value |
 | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:38 | document.location | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:38 | document.location | user-provided value |
 | v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
 | winjs.js:3:43:3:49 | tainted | winjs.js:2:17:2:33 | document.location | winjs.js:3:43:3:49 | tainted | Cross-site scripting vulnerability due to $@. | winjs.js:2:17:2:33 | document.location | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected

@@ -234,103 +234,105 @@ nodes
 | tst.js:110:11:110:44 | documen ... bstr(1) |
 | tst.js:113:18:113:18 | v |
 | tst.js:113:18:113:18 | v |
-| tst.js:145:29:145:43 | window.location |
-| tst.js:145:29:145:43 | window.location |
-| tst.js:145:29:145:50 | window. ... .search |
-| tst.js:148:29:148:29 | v |
-| tst.js:148:49:148:49 | v |
-| tst.js:148:49:148:49 | v |
-| tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:155:40:155:54 | window.location |
-| tst.js:155:40:155:54 | window.location |
-| tst.js:155:40:155:61 | window. ... .search |
-| tst.js:174:9:174:41 | target |
-| tst.js:174:18:174:34 | document.location |
-| tst.js:174:18:174:34 | document.location |
-| tst.js:174:18:174:41 | documen ... .search |
-| tst.js:177:28:177:33 | target |
-| tst.js:177:28:177:33 | target |
-| tst.js:181:9:181:42 | tainted |
-| tst.js:181:19:181:35 | document.location |
-| tst.js:181:19:181:35 | document.location |
-| tst.js:181:19:181:42 | documen ... .search |
-| tst.js:183:31:183:37 | tainted |
-| tst.js:183:31:183:37 | tainted |
-| tst.js:185:42:185:48 | tainted |
-| tst.js:185:42:185:48 | tainted |
-| tst.js:186:33:186:39 | tainted |
-| tst.js:186:33:186:39 | tainted |
-| tst.js:188:54:188:60 | tainted |
-| tst.js:188:54:188:60 | tainted |
-| tst.js:189:45:189:51 | tainted |
-| tst.js:189:45:189:51 | tainted |
-| tst.js:194:9:194:42 | tainted |
-| tst.js:194:19:194:35 | document.location |
-| tst.js:194:19:194:35 | document.location |
-| tst.js:194:19:194:42 | documen ... .search |
-| tst.js:196:67:196:73 | tainted |
-| tst.js:196:67:196:73 | tainted |
-| tst.js:197:67:197:73 | tainted |
-| tst.js:197:67:197:73 | tainted |
-| tst.js:201:35:201:41 | tainted |
-| tst.js:203:46:203:52 | tainted |
-| tst.js:204:38:204:44 | tainted |
-| tst.js:205:35:205:41 | tainted |
-| tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:233:35:233:41 | tainted |
-| tst.js:235:20:235:26 | tainted |
-| tst.js:237:23:237:29 | tainted |
-| tst.js:238:23:238:29 | tainted |
-| tst.js:244:39:244:55 | props.propTainted |
-| tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:252:23:252:29 | tainted |
-| tst.js:256:7:256:17 | window.name |
-| tst.js:256:7:256:17 | window.name |
-| tst.js:256:7:256:17 | window.name |
-| tst.js:257:7:257:10 | name |
-| tst.js:257:7:257:10 | name |
-| tst.js:257:7:257:10 | name |
-| tst.js:261:11:261:21 | window.name |
-| tst.js:261:11:261:21 | window.name |
-| tst.js:261:11:261:21 | window.name |
-| tst.js:277:22:277:29 | location |
-| tst.js:277:22:277:29 | location |
-| tst.js:277:22:277:29 | location |
-| tst.js:282:9:282:29 | tainted |
-| tst.js:282:19:282:29 | window.name |
-| tst.js:282:19:282:29 | window.name |
-| tst.js:285:59:285:65 | tainted |
-| tst.js:285:59:285:65 | tainted |
-| tst.js:298:9:298:16 | location |
-| tst.js:298:9:298:16 | location |
-| tst.js:299:10:299:10 | e |
-| tst.js:300:20:300:20 | e |
-| tst.js:300:20:300:20 | e |
-| tst.js:305:10:305:17 | location |
-| tst.js:305:10:305:17 | location |
-| tst.js:307:10:307:10 | e |
-| tst.js:308:20:308:20 | e |
-| tst.js:308:20:308:20 | e |
-| tst.js:313:35:313:42 | location |
-| tst.js:313:35:313:42 | location |
-| tst.js:313:35:313:42 | location |
+| tst.js:139:18:139:18 | v |
+| tst.js:139:18:139:18 | v |
+| tst.js:151:29:151:43 | window.location |
+| tst.js:151:29:151:43 | window.location |
+| tst.js:151:29:151:50 | window. ... .search |
+| tst.js:154:29:154:29 | v |
+| tst.js:154:49:154:49 | v |
+| tst.js:154:49:154:49 | v |
+| tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:161:40:161:54 | window.location |
+| tst.js:161:40:161:54 | window.location |
+| tst.js:161:40:161:61 | window. ... .search |
+| tst.js:180:9:180:41 | target |
+| tst.js:180:18:180:34 | document.location |
+| tst.js:180:18:180:34 | document.location |
+| tst.js:180:18:180:41 | documen ... .search |
+| tst.js:183:28:183:33 | target |
+| tst.js:183:28:183:33 | target |
+| tst.js:187:9:187:42 | tainted |
+| tst.js:187:19:187:35 | document.location |
+| tst.js:187:19:187:35 | document.location |
+| tst.js:187:19:187:42 | documen ... .search |
+| tst.js:189:31:189:37 | tainted |
+| tst.js:189:31:189:37 | tainted |
+| tst.js:191:42:191:48 | tainted |
+| tst.js:191:42:191:48 | tainted |
+| tst.js:192:33:192:39 | tainted |
+| tst.js:192:33:192:39 | tainted |
+| tst.js:194:54:194:60 | tainted |
+| tst.js:194:54:194:60 | tainted |
+| tst.js:195:45:195:51 | tainted |
+| tst.js:195:45:195:51 | tainted |
+| tst.js:200:9:200:42 | tainted |
+| tst.js:200:19:200:35 | document.location |
+| tst.js:200:19:200:35 | document.location |
+| tst.js:200:19:200:42 | documen ... .search |
+| tst.js:202:67:202:73 | tainted |
+| tst.js:202:67:202:73 | tainted |
+| tst.js:203:67:203:73 | tainted |
+| tst.js:203:67:203:73 | tainted |
+| tst.js:207:35:207:41 | tainted |
+| tst.js:209:46:209:52 | tainted |
+| tst.js:210:38:210:44 | tainted |
+| tst.js:211:35:211:41 | tainted |
+| tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:239:35:239:41 | tainted |
+| tst.js:241:20:241:26 | tainted |
+| tst.js:243:23:243:29 | tainted |
+| tst.js:244:23:244:29 | tainted |
+| tst.js:250:39:250:55 | props.propTainted |
+| tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:258:23:258:29 | tainted |
+| tst.js:262:7:262:17 | window.name |
+| tst.js:262:7:262:17 | window.name |
+| tst.js:262:7:262:17 | window.name |
+| tst.js:263:7:263:10 | name |
+| tst.js:263:7:263:10 | name |
+| tst.js:263:7:263:10 | name |
+| tst.js:267:11:267:21 | window.name |
+| tst.js:267:11:267:21 | window.name |
+| tst.js:267:11:267:21 | window.name |
+| tst.js:283:22:283:29 | location |
+| tst.js:283:22:283:29 | location |
+| tst.js:283:22:283:29 | location |
+| tst.js:288:9:288:29 | tainted |
+| tst.js:288:19:288:29 | window.name |
+| tst.js:288:19:288:29 | window.name |
+| tst.js:291:59:291:65 | tainted |
+| tst.js:291:59:291:65 | tainted |
+| tst.js:304:9:304:16 | location |
+| tst.js:304:9:304:16 | location |
+| tst.js:305:10:305:10 | e |
+| tst.js:306:20:306:20 | e |
+| tst.js:306:20:306:20 | e |
+| tst.js:311:10:311:17 | location |
+| tst.js:311:10:311:17 | location |
+| tst.js:313:10:313:10 | e |
+| tst.js:314:20:314:20 | e |
+| tst.js:314:20:314:20 | e |
+| tst.js:319:35:319:42 | location |
+| tst.js:319:35:319:42 | location |
+| tst.js:319:35:319:42 | location |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:10:16:10:18 | loc |
@@ -559,89 +561,91 @@ edges
 | tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
 | tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
 | tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
+| tst.js:110:7:110:44 | v | tst.js:139:18:139:18 | v |
+| tst.js:110:7:110:44 | v | tst.js:139:18:139:18 | v |
 | tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
 | tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
 | tst.js:110:11:110:34 | documen ... .search | tst.js:110:11:110:44 | documen ... bstr(1) |
 | tst.js:110:11:110:44 | documen ... bstr(1) | tst.js:110:7:110:44 | v |
-| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
-| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
-| tst.js:145:29:145:50 | window. ... .search | tst.js:148:29:148:29 | v |
-| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
-| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
-| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
-| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
-| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
-| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
-| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
-| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
-| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
-| tst.js:174:18:174:41 | documen ... .search | tst.js:174:9:174:41 | target |
-| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
-| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
-| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
-| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
-| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:201:35:201:41 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:203:46:203:52 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:204:38:204:44 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:205:35:205:41 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:233:35:233:41 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:235:20:235:26 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:237:23:237:29 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:238:23:238:29 | tainted |
-| tst.js:194:9:194:42 | tainted | tst.js:252:23:252:29 | tainted |
-| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
-| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
-| tst.js:194:19:194:42 | documen ... .search | tst.js:194:9:194:42 | tainted |
-| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
-| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
-| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
-| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
-| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
-| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
-| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
-| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
-| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
-| tst.js:252:23:252:29 | tainted | tst.js:244:39:244:55 | props.propTainted |
-| tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name |
-| tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name |
-| tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name |
-| tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location |
-| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
-| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
-| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
-| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
-| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
-| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
-| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
-| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
-| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
-| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
-| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
-| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
-| tst.js:313:35:313:42 | location | tst.js:313:35:313:42 | location |
+| tst.js:151:29:151:43 | window.location | tst.js:151:29:151:50 | window. ... .search |
+| tst.js:151:29:151:43 | window.location | tst.js:151:29:151:50 | window. ... .search |
+| tst.js:151:29:151:50 | window. ... .search | tst.js:154:29:154:29 | v |
+| tst.js:154:29:154:29 | v | tst.js:154:49:154:49 | v |
+| tst.js:154:29:154:29 | v | tst.js:154:49:154:49 | v |
+| tst.js:161:40:161:54 | window.location | tst.js:161:40:161:61 | window. ... .search |
+| tst.js:161:40:161:54 | window.location | tst.js:161:40:161:61 | window. ... .search |
+| tst.js:161:40:161:61 | window. ... .search | tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:161:40:161:61 | window. ... .search | tst.js:158:29:158:46 | xssSourceService() |
+| tst.js:180:9:180:41 | target | tst.js:183:28:183:33 | target |
+| tst.js:180:9:180:41 | target | tst.js:183:28:183:33 | target |
+| tst.js:180:18:180:34 | document.location | tst.js:180:18:180:41 | documen ... .search |
+| tst.js:180:18:180:34 | document.location | tst.js:180:18:180:41 | documen ... .search |
+| tst.js:180:18:180:41 | documen ... .search | tst.js:180:9:180:41 | target |
+| tst.js:187:9:187:42 | tainted | tst.js:189:31:189:37 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:189:31:189:37 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:191:42:191:48 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:191:42:191:48 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:192:33:192:39 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:192:33:192:39 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:194:54:194:60 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:194:54:194:60 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:195:45:195:51 | tainted |
+| tst.js:187:9:187:42 | tainted | tst.js:195:45:195:51 | tainted |
+| tst.js:187:19:187:35 | document.location | tst.js:187:19:187:42 | documen ... .search |
+| tst.js:187:19:187:35 | document.location | tst.js:187:19:187:42 | documen ... .search |
+| tst.js:187:19:187:42 | documen ... .search | tst.js:187:9:187:42 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:202:67:202:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:202:67:202:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:203:67:203:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:203:67:203:73 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:207:35:207:41 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:209:46:209:52 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:210:38:210:44 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:211:35:211:41 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:239:35:239:41 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:241:20:241:26 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:243:23:243:29 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:244:23:244:29 | tainted |
+| tst.js:200:9:200:42 | tainted | tst.js:258:23:258:29 | tainted |
+| tst.js:200:19:200:35 | document.location | tst.js:200:19:200:42 | documen ... .search |
+| tst.js:200:19:200:35 | document.location | tst.js:200:19:200:42 | documen ... .search |
+| tst.js:200:19:200:42 | documen ... .search | tst.js:200:9:200:42 | tainted |
+| tst.js:207:35:207:41 | tainted | tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:207:35:207:41 | tainted | tst.js:215:28:215:46 | this.state.tainted1 |
+| tst.js:209:46:209:52 | tainted | tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:209:46:209:52 | tainted | tst.js:216:28:216:46 | this.state.tainted2 |
+| tst.js:210:38:210:44 | tainted | tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:210:38:210:44 | tainted | tst.js:217:28:217:46 | this.state.tainted3 |
+| tst.js:211:35:211:41 | tainted | tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:211:35:211:41 | tainted | tst.js:221:32:221:49 | prevState.tainted4 |
+| tst.js:239:35:239:41 | tainted | tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:239:35:239:41 | tainted | tst.js:228:28:228:46 | this.props.tainted1 |
+| tst.js:241:20:241:26 | tainted | tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:241:20:241:26 | tainted | tst.js:229:28:229:46 | this.props.tainted2 |
+| tst.js:243:23:243:29 | tainted | tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:243:23:243:29 | tainted | tst.js:230:28:230:46 | this.props.tainted3 |
+| tst.js:244:23:244:29 | tainted | tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:244:23:244:29 | tainted | tst.js:234:32:234:49 | prevProps.tainted4 |
+| tst.js:250:39:250:55 | props.propTainted | tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:250:39:250:55 | props.propTainted | tst.js:254:60:254:82 | this.st ... Tainted |
+| tst.js:258:23:258:29 | tainted | tst.js:250:39:250:55 | props.propTainted |
+| tst.js:262:7:262:17 | window.name | tst.js:262:7:262:17 | window.name |
+| tst.js:263:7:263:10 | name | tst.js:263:7:263:10 | name |
+| tst.js:267:11:267:21 | window.name | tst.js:267:11:267:21 | window.name |
+| tst.js:283:22:283:29 | location | tst.js:283:22:283:29 | location |
+| tst.js:288:9:288:29 | tainted | tst.js:291:59:291:65 | tainted |
+| tst.js:288:9:288:29 | tainted | tst.js:291:59:291:65 | tainted |
+| tst.js:288:19:288:29 | window.name | tst.js:288:9:288:29 | tainted |
+| tst.js:288:19:288:29 | window.name | tst.js:288:9:288:29 | tainted |
+| tst.js:304:9:304:16 | location | tst.js:305:10:305:10 | e |
+| tst.js:304:9:304:16 | location | tst.js:305:10:305:10 | e |
+| tst.js:305:10:305:10 | e | tst.js:306:20:306:20 | e |
+| tst.js:305:10:305:10 | e | tst.js:306:20:306:20 | e |
+| tst.js:311:10:311:17 | location | tst.js:313:10:313:10 | e |
+| tst.js:311:10:311:17 | location | tst.js:313:10:313:10 | e |
+| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
+| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
+| tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |

javascript/ql/test/query-tests/Security/CWE-079/tst.js

@@ -132,7 +132,13 @@ function tst() {
       document.write(v);
   }
 
-  if (!(/\d+/.test(v)))
+  if (!(/\d+/.test(v))) // not effective - matches "123<script>...</script>"
+    return;
+
+  // NOT OK
+  document.write(v);
+
+  if (!(/^\d+$/.test(v)))
     return;
 
   // OK

javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected

@@ -54,6 +54,8 @@ nodes
 | koa.js:8:18:8:20 | url |
 | koa.js:14:16:14:18 | url |
 | koa.js:14:16:14:18 | url |
+| koa.js:20:16:20:18 | url |
+| koa.js:20:16:20:18 | url |
 | node.js:6:7:6:52 | target |
 | node.js:6:16:6:39 | url.par ... , true) |
 | node.js:6:16:6:45 | url.par ... ).query |
@@ -131,6 +133,8 @@ edges
 | koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url |
 | koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
 | koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
+| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url |
+| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url |
 | koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
 | koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
 | koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
@@ -180,6 +184,7 @@ edges
 | koa.js:7:15:7:17 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:7:15:7:17 | url | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
 | koa.js:8:15:8:26 | `${url}${x}` | koa.js:6:12:6:27 | ctx.query.target | koa.js:8:15:8:26 | `${url}${x}` | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
 | koa.js:14:16:14:18 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:14:16:14:18 | url | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
+| koa.js:20:16:20:18 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:20:16:20:18 | url | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
 | node.js:7:34:7:39 | target | node.js:6:26:6:32 | req.url | node.js:7:34:7:39 | target | Untrusted URL redirection due to $@. | node.js:6:26:6:32 | req.url | user-provided value |
 | node.js:15:34:15:45 | '/' + target | node.js:11:26:11:32 | req.url | node.js:15:34:15:45 | '/' + target | Untrusted URL redirection due to $@. | node.js:11:26:11:32 | req.url | user-provided value |
 | node.js:32:34:32:55 | target  ... =" + me | node.js:29:26:29:32 | req.url | node.js:32:34:32:55 | target  ... =" + me | Untrusted URL redirection due to $@. | node.js:29:26:29:32 | req.url | user-provided value |

javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/koa.js

@@ -1,5 +1,5 @@
 const Koa = require('koa');
-const url = require('url');
+const urlLib = require('url');
 const app = new Koa();
 
 app.use(async ctx => {
@@ -7,14 +7,20 @@ app.use(async ctx => {
 	ctx.redirect(url); // NOT OK
 	ctx.redirect(`${url}${x}`); // NOT OK
 
-	var isCrossDomainRedirect = url.parse(url || '', false, true).hostname;
+	var isCrossDomainRedirect = urlLib.parse(url || '', false, true).hostname;
 	if(!url || isCrossDomainRedirect) {
 		ctx.redirect('/'); // OK
 	} else {
 		ctx.redirect(url); // NOT OK
 	}
 
-	if(!url || isCrossDomainRedirect || ! url.match(VALID)) {
+	if(!url || isCrossDomainRedirect || url.match(VALID)) {
+		ctx.redirect('/'); // OK
+	} else {
+		ctx.redirect(url); // possibly OK - flagged anyway
+	}
+
+	if(!url || isCrossDomainRedirect || url.match(/[^\w/-]/)) {
 		ctx.redirect('/'); // OK
 	} else {
 		ctx.redirect(url); // OK

javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected

@@ -23,7 +23,9 @@ test_query20
 test_query3
 | tst.js:27:1:27:4 | <!-- | Do not use HTML comments. |
 test_query1
-|  | 2 |
+|  | 0 |
+| tutorials | 0 |
+| tutorials/Introducing the JavaScript libraries | 2 |
 test_query13
 test_query9
 | tst.js:3:1:3:15 | function f() {} | tst.js:6:5:6:19 | function f() {} |

python/ql/src/Statements/StatementNoEffect.ql

@@ -49,28 +49,45 @@ predicate side_effecting_descriptor_type(ClassObject descriptor) {
  * side-effecting unless we know otherwise.
  */
 predicate side_effecting_binary(Expr b) {
-    exists(Expr sub, string method_name |
-        sub = b.(BinaryExpr).getLeft() and
-        method_name = b.(BinaryExpr).getOp().getSpecialMethodName()
+    exists(Expr sub, ClassObject cls, string method_name |
+        binary_operator_special_method(b, sub, cls, method_name)
         or
-        exists(Cmpop op |
-            b.(Compare).compares(sub, op, _) and
-            method_name = op.getSpecialMethodName()
-        )
+        comparison_special_method(b, sub, cls, method_name)
         |
-        exists(ClassObject cls |
-            sub.refersTo(_, cls, _) and
-            cls.hasAttribute(method_name)
-            and
-            not exists(ClassObject declaring |
-                declaring.declaresAttribute(method_name)
-                and declaring = cls.getAnImproperSuperType() and
-                declaring.isBuiltin() and not declaring = theObjectType()
-            )
+        method_name = special_method() and
+        cls.hasAttribute(method_name)
+        and
+        not exists(ClassObject declaring |
+            declaring.declaresAttribute(method_name)
+            and declaring = cls.getAnImproperSuperType() and
+            declaring.isBuiltin() and not declaring = theObjectType()
         )
     )
 }
 
+pragma[nomagic]
+private predicate binary_operator_special_method(BinaryExpr b, Expr sub, ClassObject cls, string method_name) {
+    method_name = special_method() and
+    sub = b.getLeft() and
+    method_name = b.getOp().getSpecialMethodName() and
+    sub.refersTo(_, cls, _)
+}
+
+pragma[nomagic]
+private predicate comparison_special_method(Compare b, Expr sub, ClassObject cls, string method_name) {
+    exists(Cmpop op |
+        b.compares(sub, op, _) and
+        method_name = op.getSpecialMethodName()
+    ) and
+    sub.refersTo(_, cls, _)
+}
+
+private string special_method() {
+    result = any(Cmpop c).getSpecialMethodName()
+    or
+    result = any(BinaryExpr b).getOp().getSpecialMethodName()
+}
+
 predicate is_notebook(File f) {
     exists(Comment c |
         c.getLocation().getFile() = f |

python/ql/test/2/library-tests/modules/options

@@ -1 +1 @@
-semmle-extractor-options: --max-import-depth=3
+semmle-extractor-options: --lang=2 --max-import-depth=3

python/ql/test/2/library-tests/options

@@ -1 +1,2 @@
-automatic_locations: true
+automatic_locations: true
+semmle-extractor-options: --lang=2

python/ql/test/2/library-tests/six/options

@@ -1,2 +1,2 @@
-semmle-extractor-options: --max-import-depth=3
+semmle-extractor-options: --lang=2 --max-import-depth=3
 optimize: true

python/ql/test/2/query-tests/Variables/undefined/options

@@ -1 +1 @@
-semmle-extractor-options: --max-import-depth=2
+semmle-extractor-options: --lang=2 --max-import-depth=2

python/ql/test/2/query-tests/options

@@ -1,2 +1,2 @@
 automatic_locations: true
-semmle-extractor-options: --max-import-depth=1
+semmle-extractor-options: --lang=2 --max-import-depth=1