hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into aliasFlow

Browse Source
This commit is contained in:
erik-krogh
2022-11-07 09:46:48 +01:00
parent dcdff7a995 b8e1aa67d8
commit fc38bf0429
3495 changed files with 122277 additions and 101751 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/test/ApiGraphs/typed/NodeOfType.expected
View File

@@ -1,9 +1,30 @@
getANodeOfType
| body-parser | | index.ts:4:20:4:41 | require ... arser") |
| express | | index.ts:3:17:3:34 | require("express") |
| mongodb | | index.ts:1:8:1:19 | * as mongodb |
| mongodb | AbstractCursor | index.ts:14:3:14:33 | getColl ... d: v }) |
| mongodb | Collection | index.ts:14:3:14:17 | getCollection() |
| mongodb | FindCursor | index.ts:14:3:14:33 | getColl ... d: v }) |
| mongodb | TypedEventEmitter | index.ts:14:3:14:33 | getColl ... d: v }) |
| mongoose | | index.ts:17:8:17:20 | * as mongoose |
| mongoose | AcceptsDiscriminator | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | Document | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | HydratedDocument | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | Model | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | Query | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | Query | index.ts:22:3:22:36 | getMong ... d: v }) |
| mongoose | Query | index.ts:23:3:23:20 | getMongooseQuery() |
| mongoose | Query | index.ts:23:3:23:36 | getMong ... d: v }) |
| mongoose | QueryWithHelpers | index.ts:22:3:22:36 | getMong ... d: v }) |
| mongoose | QueryWithHelpers | index.ts:23:3:23:36 | getMong ... d: v }) |
| mongoose | SessionOperation | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | SessionOperation | index.ts:22:3:22:36 | getMong ... d: v }) |
| mongoose | SessionOperation | index.ts:23:3:23:20 | getMongooseQuery() |
| mongoose | SessionOperation | index.ts:23:3:23:36 | getMong ... d: v }) |
| puppeteer | | index.ts:26:8:26:21 | * as puppeteer |
| puppeteer | Browser | index.ts:30:22:30:33 | this.browser |
getANodeOfTypeRaw
| mongodb | Collection | index.ts:14:3:14:17 | getCollection() |
| mongoose | Model | index.ts:22:3:22:20 | getMongooseModel() |
| mongoose | Query | index.ts:23:3:23:20 | getMongooseQuery() |
| puppeteer | Browser | index.ts:30:22:30:33 | this.browser |

9
javascript/ql/test/ApiGraphs/typed/NodeOfType.ql
View File

@@ -1,4 +1,9 @@
import javascript
from string mod, string tp
select mod, tp, API::Node::ofType(mod, tp).asSource()
query DataFlow::Node getANodeOfType(string package, string type) {
result = API::Node::ofType(package, type).asSource()
}
query DataFlow::Node getANodeOfTypeRaw(string package, string type) {
result = API::Internal::getANodeOfTypeRaw(package, type).asSource()
}

18
javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.expected
View File

@@ -1,9 +1,9 @@
| .github/workflows/pull_request_target_if_job.yml:30:7:33:2 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_job.yml:36:7:38:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_step.yml:24:7:29:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_step.yml:29:7:31:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_labels_mapping.yml:13:7:15:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_labels_sequence.yml:10:7:12:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_mapping.yml:8:7:10:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_run.yml:7:7:11:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_sequence.yml:7:7:9:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_job.yml:30:7:33:2 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_if_job.yml:36:7:38:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_if_step.yml:24:7:29:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_if_step.yml:29:7:31:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_labels_mapping.yml:13:7:15:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_labels_sequence.yml:10:7:12:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_mapping.yml:8:7:10:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_run.yml:7:7:11:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |
| .github/workflows/pull_request_target_sequence.yml:7:7:9:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. |

40
javascript/ql/test/experimental/Security/CWE-918/SSRF.expected
View File

@@ -163,23 +163,23 @@ edges
| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted |
| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted |
#select
| check-domain.js:17:13:17:15 | url | check-domain.js:16:15:16:27 | req.query.url | check-domain.js:17:13:17:15 | url | The URL of this request depends on a user-provided value |
| check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | The URL of this request depends on a user-provided value |
| check-middleware.js:9:13:9:43 | "test.c ... tainted | check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-path.js:19:13:19:43 | 'test.c ... tainted | check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | The URL of this request depends on a user-provided value |
| check-path.js:22:13:22:63 | 'test.c ... ainted) | check-path.js:22:46:22:62 | req.query.tainted | check-path.js:22:13:22:63 | 'test.c ... ainted) | The URL of this request depends on a user-provided value |
| check-path.js:23:13:23:45 | `/addre ... inted}` | check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | The URL of this request depends on a user-provided value |
| check-path.js:24:13:24:65 | `/addre ... nted)}` | check-path.js:24:46:24:62 | req.query.tainted | check-path.js:24:13:24:65 | `/addre ... nted)}` | The URL of this request depends on a user-provided value |
| check-path.js:33:15:33:45 | 'test.c ... tainted | check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | The URL of this request depends on a user-provided value |
| check-path.js:37:15:37:45 | 'test.c ... tainted | check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | The URL of this request depends on a user-provided value |
| check-path.js:45:13:45:44 | `${base ... inted}` | check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | The URL of this request depends on a user-provided value |
| check-regex.js:24:15:24:42 | baseURL ... tainted | check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | The URL of this request depends on a user-provided value |
| check-regex.js:31:15:31:45 | "test.c ... tainted | check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-regex.js:34:15:34:42 | baseURL ... tainted | check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | The URL of this request depends on a user-provided value |
| check-regex.js:41:13:41:43 | "test.c ... tainted | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-validator.js:15:15:15:45 | "test.c ... tainted | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-validator.js:27:15:27:45 | "test.c ... tainted | check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-validator.js:50:15:50:45 | "test.c ... tainted | check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-validator.js:59:15:59:45 | "test.c ... tainted | check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-validator.js:62:15:62:37 | "test.c ... mberURL | check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:62:15:62:37 | "test.c ... mberURL | The URL of this request depends on a user-provided value |
| check-validator.js:68:15:68:45 | "test.c ... tainted | check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | The URL of this request depends on a user-provided value |
| check-domain.js:17:13:17:15 | url | check-domain.js:16:15:16:27 | req.query.url | check-domain.js:17:13:17:15 | url | The URL of this request depends on a user-provided value. |
| check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | The URL of this request depends on a user-provided value. |
| check-middleware.js:9:13:9:43 | "test.c ... tainted | check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:19:13:19:43 | 'test.c ... tainted | check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:22:13:22:63 | 'test.c ... ainted) | check-path.js:22:46:22:62 | req.query.tainted | check-path.js:22:13:22:63 | 'test.c ... ainted) | The URL of this request depends on a user-provided value. |
| check-path.js:23:13:23:45 | `/addre ... inted}` | check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | The URL of this request depends on a user-provided value. |
| check-path.js:24:13:24:65 | `/addre ... nted)}` | check-path.js:24:46:24:62 | req.query.tainted | check-path.js:24:13:24:65 | `/addre ... nted)}` | The URL of this request depends on a user-provided value. |
| check-path.js:33:15:33:45 | 'test.c ... tainted | check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:37:15:37:45 | 'test.c ... tainted | check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:45:13:45:44 | `${base ... inted}` | check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | The URL of this request depends on a user-provided value. |
| check-regex.js:24:15:24:42 | baseURL ... tainted | check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
| check-regex.js:31:15:31:45 | "test.c ... tainted | check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-regex.js:34:15:34:42 | baseURL ... tainted | check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
| check-regex.js:41:13:41:43 | "test.c ... tainted | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-validator.js:15:15:15:45 | "test.c ... tainted | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-validator.js:27:15:27:45 | "test.c ... tainted | check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-validator.js:50:15:50:45 | "test.c ... tainted | check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-validator.js:59:15:59:45 | "test.c ... tainted | check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-validator.js:62:15:62:37 | "test.c ... mberURL | check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:62:15:62:37 | "test.c ... mberURL | The URL of this request depends on a user-provided value. |
| check-validator.js:68:15:68:45 | "test.c ... tainted | check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |

26
javascript/ql/test/library-tests/Security/heuristics/sources.js
View File

@@ -1,14 +1,14 @@
(function() {
const password = '1234';
sink(password); // NOT OK
const s = JSON.stringify();
sink(s); // NOT OK
})();
(async function() {
const knex = require('knex');
const users = knex().select('*').from('users');
users.then(function (users) {
sink(users); // NOT OK
@@ -23,13 +23,13 @@
(function() {
const pg = require('pg');
const pool = new pg.Pool({});
pool.connect(async function (err, client, done) {
client.query('SELECT * FROM users', function (err, users) {
sink(users);
});
const thenable = client.query('SELECT * FROM users')
thenable.then(function(users) {
sink(users); // NOT OK
@@ -79,7 +79,7 @@
db.all('SELECT * FROM users', function (err, users) {
sink(users); // NOT OK
});
const sqlitepromise = db.all('SELECT * FROM users');
sink(await sqlitepromise); // NOT OK
@@ -100,13 +100,13 @@
(async function () {
const sql = require('mssql');
await sql.connect('...');
sql.query('SELECT * FROM users', function (err, users) {
sink(users); // NOT OK
});
const mssqlthenable = sql.query('SELECT * FROM users');
mssqlthenable.then(function (users) {
sink(users); // NOT OK
});
@@ -120,7 +120,7 @@
})();
(async function () {
const {Spanner} = require('@google-cloud/spanner');
const {Spanner, v1} = require('@google-cloud/spanner');
const db = new Spanner({projectId: 'test'})
.instance('instanceid')
.database('databaseid');
@@ -131,7 +131,7 @@
const [users] = (await db.executeSql('SELECT * FROM users', {}));
sink(users); // NOT OK
const spannerpromise = db.run({
sql: 'SELECT * FROM users'
});
@@ -144,7 +144,7 @@
sink(rows); // NOT OK
});
const client = new Spanner.v1.SpannerClient({});
const client = new v1.SpannerClient({});
client.executeSql('SELECT * FROM users', {}, function (err, users) {
sink(users); // NOT OK
});
@@ -166,7 +166,7 @@
(function () {
const { MongoClient } = require('mongodb');
MongoClient.connect('mongodb://localhost:1234', async function (err, db) {
const collection = db.collection('users');
const users = await collection.find({});
@@ -209,11 +209,11 @@
(async function () {
const { Collection } = require('marsdb');
const doc = new Collection('users');
const users = await doc.find({});
sink(users); // NOT OK
})();

4
javascript/ql/test/library-tests/frameworks/Express/XSS.qll Normal file
View File

@@ -0,0 +1,4 @@
import javascript
import semmle.javascript.security.dataflow.ReflectedXssCustomizations
query predicate test_Xss(ReflectedXss::Sink sink, Http::ResponseSendArgument res) { sink = res }

22
javascript/ql/test/library-tests/frameworks/Express/src/express.js
View File

@@ -34,12 +34,12 @@ app.post('/some/other/path', function(req, res) {
app.get('/', require('./exportedHandler.js').handler);
function getHandler() {
return function (req, res){}
return function(req, res) { }
}
app.use(getHandler());
function getArrowHandler() {
return (req, res) => f();
return (req, res) => f();
}
app.use(getArrowHandler());
@@ -49,3 +49,21 @@ app.post('/headers', function(req, res) {
req.hostname;
req.headers[config.headerName];
});
app.get('/some/xss1', function(req, res) {
res.header("Content-Type", "text/html");
res.send(req.params.foo)
foo(res);
});
app.get('/some/xss2', function(req, res) {
res.header("Content-Type", "application/xml");
res.send(req.params.foo)
foo(res);
});
app.get('/some/non-xss1', function(req, res) {
res.header("Content-Type", "text/plain");
res.send(req.params.foo)
foo(res);
});

260
javascript/ql/test/library-tests/frameworks/Express/tests.expected
View File

@@ -17,6 +17,9 @@ test_RouteHandlerExpr_getBody
| src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/middleware-flow.js:13:16:13:24 | installDb | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
@@ -48,6 +51,9 @@ test_RouteSetup
| src/express.js:16:3:18:4 | router. ... );\\n }) | src/express.js:2:11:2:19 | express() | false |
| src/express.js:22:1:32:2 | app.pos ... r');\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() | false |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() | true |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() | false |
@@ -107,6 +113,9 @@ test_RouteSetup_getLastRouteHandlerExpr
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
@@ -753,7 +762,28 @@ test_RouterDefinition_getMiddlewareStackAt
| src/express.js:2:11:2:19 | express() | src/express.js:46:5:46:8 | post | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:46:10:46:19 | '/headers' | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:52:1:52:0 | exit node of <toplevel> | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:1:53:3 | app | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:1:53:7 | app.get | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:1:57:3 | app.get ... s);\\n}); | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:5:53:7 | get | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:9:53:20 | '/some/xss1' | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:1:59:3 | app | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:1:59:7 | app.get | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:1:63:3 | app.get ... s);\\n}); | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:5:59:7 | get | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:9:59:20 | '/some/xss2' | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:1:65:3 | app | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:1:65:7 | app.get | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:1:69:3 | app.get ... s);\\n}); | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:5:65:7 | get | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:9:65:24 | '/some/non-xss1' | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:2:11:2:19 | express() | src/express.js:70:1:70:0 | exit node of <toplevel> | src/express.js:44:9:44:25 | getArrowHandler() |
| src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:14:2:14:1 | exit node of functio ... lDb);\\n} | src/middleware-flow.js:13:16:13:24 | installDb |
| src/subrouter.js:2:11:2:19 | express() | src/subrouter.js:4:1:4:26 | app.use ... rotect) | src/subrouter.js:4:19:4:25 | protect |
@@ -872,14 +902,23 @@ test_isRequest
| src/express.js:28:3:28:5 | req |
| src/express.js:29:3:29:5 | req |
| src/express.js:30:3:30:5 | req |
| src/express.js:37:22:37:24 | req |
| src/express.js:42:13:42:15 | req |
| src/express.js:37:19:37:21 | req |
| src/express.js:42:11:42:13 | req |
| src/express.js:46:31:46:33 | req |
| src/express.js:46:31:46:33 | req |
| src/express.js:47:3:47:5 | req |
| src/express.js:48:3:48:5 | req |
| src/express.js:49:3:49:5 | req |
| src/express.js:50:3:50:5 | req |
| src/express.js:53:32:53:34 | req |
| src/express.js:53:32:53:34 | req |
| src/express.js:55:12:55:14 | req |
| src/express.js:59:32:59:34 | req |
| src/express.js:59:32:59:34 | req |
| src/express.js:61:12:61:14 | req |
| src/express.js:65:36:65:38 | req |
| src/express.js:65:36:65:38 | req |
| src/express.js:67:12:67:14 | req |
| src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:7:2:7:4 | req |
@@ -974,6 +1013,9 @@ test_RouteSetup_getRouter
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:2:11:2:19 | express() |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:2:11:2:19 | express() |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() |
@@ -1022,6 +1064,9 @@ test_StandardRouteHandler
| src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:2:11:2:19 | express() | src/express.js:16:28:16:30 | req | src/express.js:16:33:16:35 | res |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:2:11:2:19 | express() | src/express.js:22:39:22:41 | req | src/express.js:22:44:22:46 | res |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:2:11:2:19 | express() | src/express.js:46:31:46:33 | req | src/express.js:46:36:46:38 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:53:32:53:34 | req | src/express.js:53:37:53:39 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:59:32:59:34 | req | src/express.js:59:37:59:39 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:65:36:65:38 | req | src/express.js:65:41:65:43 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:2:11:2:19 | express() | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:29:4:31 | res |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:25:5:27 | res |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:17:25:17:27 | req | src/middleware-flow.js:17:30:17:32 | res |
@@ -1054,6 +1099,9 @@ test_RequestInputAccess
| src/express.js:48:3:48:10 | req.host | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:49:3:49:14 | req.hostname | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:50:3:50:32 | req.hea ... erName] | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:55:12:55:25 | req.params.foo | parameter | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:61:12:61:25 | req.params.foo | parameter | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:67:12:67:25 | req.params.foo | parameter | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:7:2:7:8 | req.url | url | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/params.js:4:35:4:39 | value | parameter | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:5:17:5:28 | req.query.xx | parameter | src/params.js:4:18:12:1 | (req, r ... }\\n} |
@@ -1066,6 +1114,12 @@ test_RouteHandler_getAResponseHeader
| src/express.js:4:23:9:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:4:23:9:1 | functio ... res);\\n} | content-type | src/express.js:7:3:7:42 | res.hea ... plain") |
| src/express.js:4:23:9:1 | functio ... res);\\n} | location | src/express.js:6:3:6:45 | res.hea ... rget")) |
| src/express.js:53:23:57:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:53:23:57:1 | functio ... res);\\n} | content-type | src/express.js:54:3:54:41 | res.hea ... /html") |
| src/express.js:59:23:63:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:59:23:63:1 | functio ... res);\\n} | content-type | src/express.js:60:3:60:47 | res.hea ... n/xml") |
| src/express.js:65:27:69:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:65:27:69:1 | functio ... res);\\n} | content-type | src/express.js:66:3:66:42 | res.hea ... plain") |
test_RouteSetup_handlesSameRequestMethodAs
| src/csurf-example.js:13:1:13:20 | app.use('/api', api) | src/csurf-example.js:16:1:16:51 | app.use ... lse })) |
| src/csurf-example.js:13:1:13:20 | app.use('/api', api) | src/csurf-example.js:17:1:17:23 | app.use ... rser()) |
@@ -1099,6 +1153,9 @@ test_RouteSetup_handlesSameRequestMethodAs
| src/csurf-example.js:32:3:34:4 | router. ... ')\\n }) | src/csurf-example.js:40:1:40:49 | app.pos ... es) {}) |
test_HeaderDefinition_defines
| src/express.js:7:3:7:42 | res.hea ... plain") | content-type | text/plain |
| src/express.js:54:3:54:41 | res.hea ... /html") | content-type | text/html |
| src/express.js:60:3:60:47 | res.hea ... n/xml") | content-type | application/xml |
| src/express.js:66:3:66:42 | res.hea ... plain") | content-type | text/plain |
test_ResponseExpr
| src/advanced-routehandler-registration.js:6:12:6:14 | res | src/advanced-routehandler-registration.js:6:6:6:35 | (req, r ... og(req) |
| src/advanced-routehandler-registration.js:7:12:7:14 | res | src/advanced-routehandler-registration.js:7:6:7:35 | (req, r ... og(req) |
@@ -1203,8 +1260,20 @@ test_ResponseExpr
| src/express.js:8:7:8:9 | res | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:11:14:11:16 | arg | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:12:3:12:5 | arg | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:12:3:12:5 | arg | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:12:3:12:5 | arg | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:12:3:12:5 | arg | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:16:33:16:35 | res | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:16:33:16:35 | res | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:17:5:17:7 | res | src/express.js:16:19:18:3 | functio ... ");\\n } |
@@ -1213,9 +1282,30 @@ test_ResponseExpr
| src/express.js:22:44:22:46 | res | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:31:3:31:5 | res | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:31:3:31:26 | res.coo ... 'bar') | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:37:27:37:29 | res | src/express.js:37:12:37:32 | functio ... res){} |
| src/express.js:42:18:42:20 | res | src/express.js:42:12:42:28 | (req, res) => f() |
| src/express.js:37:24:37:26 | res | src/express.js:37:10:37:31 | functio ... es) { } |
| src/express.js:42:16:42:18 | res | src/express.js:42:10:42:26 | (req, res) => f() |
| src/express.js:46:36:46:38 | res | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:37:53:39 | res | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:53:37:53:39 | res | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:54:3:54:5 | res | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:54:3:54:41 | res.hea ... /html") | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:55:3:55:5 | res | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:55:3:55:26 | res.sen ... ms.foo) | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:56:7:56:9 | res | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:37:59:39 | res | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:59:37:59:39 | res | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:60:3:60:5 | res | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:60:3:60:47 | res.hea ... n/xml") | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:61:3:61:5 | res | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:61:3:61:26 | res.sen ... ms.foo) | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:62:7:62:9 | res | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:41:65:43 | res | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:65:41:65:43 | res | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:66:3:66:5 | res | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:67:3:67:5 | res | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:67:3:67:26 | res.sen ... ms.foo) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:68:7:68:9 | res | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:29:4:31 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:4:29:4:31 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:5:2:5:4 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
@@ -1311,6 +1401,9 @@ test_RouterDefinition_getARouteHandler
| src/express.js:2:11:2:19 | express() | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:2:11:2:19 | express() | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:2:11:2:19 | express() | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:2:11:2:19 | express() | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:2:11:2:19 | express() | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:2:11:2:19 | express() | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:2:11:2:19 | express() | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
@@ -1374,12 +1467,21 @@ test_RouteHandlerExpr_getNextMiddleware
| src/express.js:39:9:39:20 | getHandler() | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/subrouter.js:4:19:4:25 | protect | src/subrouter.js:5:14:5:28 | makeSubRouter() |
test_HeaderDefinition
| src/express3.js:5:3:5:51 | res.hea ... "val")) | src/express3.js:4:23:7:1 | functio ... al");\\n} |
| src/express.js:6:3:6:45 | res.hea ... rget")) | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:7:3:7:42 | res.hea ... plain") | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:4:23:9:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:54:3:54:41 | res.hea ... /html") | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:60:3:60:47 | res.hea ... n/xml") | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:6:2:6:16 | res.setHeader() | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/responseExprs.js:19:5:19:16 | res.append() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} |
| src/responseExprs.js:37:5:37:28 | f(res.a ... ppend() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} |
@@ -1411,6 +1513,9 @@ test_RouteSetup_getServer
| src/express.js:16:3:18:4 | router. ... );\\n }) | src/express.js:2:11:2:19 | express() |
| src/express.js:22:1:32:2 | app.pos ... r');\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() |
@@ -1426,6 +1531,9 @@ test_HeaderDefinition_getAHeaderName
| src/express.js:6:3:6:45 | res.hea ... rget")) | location |
| src/express.js:7:3:7:42 | res.hea ... plain") | content-type |
| src/express.js:12:3:12:54 | arg.hea ... , true) | access-control-allow-credentials |
| src/express.js:54:3:54:41 | res.hea ... /html") | content-type |
| src/express.js:60:3:60:47 | res.hea ... n/xml") | content-type |
| src/express.js:66:3:66:42 | res.hea ... plain") | content-type |
test_HeaderAccess
| src/express.js:28:3:28:16 | req.get("foo") | foo |
| src/express.js:29:3:29:19 | req.header("bar") | bar |
@@ -1485,6 +1593,9 @@ test_RouteHandlerExpr
| src/express.js:39:9:39:20 | getHandler() | src/express.js:39:1:39:21 | app.use ... dler()) | false |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:44:1:44:26 | app.use ... dler()) | false |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | true |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:1:57:2 | app.get ... es);\\n}) | true |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:1:63:2 | app.get ... es);\\n}) | true |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:1:69:2 | app.get ... es);\\n}) | true |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | true |
| src/middleware-flow.js:13:16:13:24 | installDb | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | false |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | true |
@@ -1539,6 +1650,9 @@ test_HeaderDefinition_getNameExpr
| src/express.js:6:3:6:45 | res.hea ... rget")) | src/express.js:6:14:6:23 | "Location" |
| src/express.js:7:3:7:42 | res.hea ... plain") | src/express.js:7:14:7:27 | "Content-Type" |
| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:12:14:12:47 | "Access ... ntials" |
| src/express.js:54:3:54:41 | res.hea ... /html") | src/express.js:54:14:54:27 | "Content-Type" |
| src/express.js:60:3:60:47 | res.hea ... n/xml") | src/express.js:60:14:60:27 | "Content-Type" |
| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:66:14:66:27 | "Content-Type" |
test_appCreation
| src/advanced-routehandler-registration.js:2:11:2:19 | express() |
| src/auth.js:1:13:1:32 | require('express')() |
@@ -1586,6 +1700,9 @@ test_RouteSetup_getRequestMethod
| src/express.js:22:1:32:2 | app.pos ... r');\\n}) | POST |
| src/express.js:34:1:34:53 | app.get ... andler) | GET |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | POST |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | GET |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | GET |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | GET |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | POST |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | GET |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | GET |
@@ -1714,9 +1831,42 @@ test_RouteHandler_getAResponseExpr
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:22:44:22:46 | res |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:31:3:31:5 | res |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:31:3:31:26 | res.coo ... 'bar') |
| src/express.js:37:12:37:32 | functio ... res){} | src/express.js:37:27:37:29 | res |
| src/express.js:42:12:42:28 | (req, res) => f() | src/express.js:42:18:42:20 | res |
| src/express.js:37:10:37:31 | functio ... es) { } | src/express.js:37:24:37:26 | res |
| src/express.js:42:10:42:26 | (req, res) => f() | src/express.js:42:16:42:18 | res |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:36:46:38 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:12:3:12:5 | arg |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:37:53:39 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:37:53:39 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:54:3:54:5 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:54:3:54:41 | res.hea ... /html") |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:55:3:55:5 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:55:3:55:26 | res.sen ... ms.foo) |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:56:7:56:9 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:12:3:12:5 | arg |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:37:59:39 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:37:59:39 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:60:3:60:5 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:60:3:60:47 | res.hea ... n/xml") |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:61:3:61:5 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:61:3:61:26 | res.sen ... ms.foo) |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:62:7:62:9 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:12:3:12:5 | arg |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:41:65:43 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:41:65:43 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:66:3:66:5 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:66:3:66:42 | res.hea ... plain") |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:67:3:67:5 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:67:3:67:26 | res.sen ... ms.foo) |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:68:7:68:9 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:29:4:31 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:29:4:31 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:5:2:5:4 | res |
@@ -1890,9 +2040,30 @@ test_isResponse
| src/express.js:22:44:22:46 | res |
| src/express.js:31:3:31:5 | res |
| src/express.js:31:3:31:26 | res.coo ... 'bar') |
| src/express.js:37:27:37:29 | res |
| src/express.js:42:18:42:20 | res |
| src/express.js:37:24:37:26 | res |
| src/express.js:42:16:42:18 | res |
| src/express.js:46:36:46:38 | res |
| src/express.js:53:37:53:39 | res |
| src/express.js:53:37:53:39 | res |
| src/express.js:54:3:54:5 | res |
| src/express.js:54:3:54:41 | res.hea ... /html") |
| src/express.js:55:3:55:5 | res |
| src/express.js:55:3:55:26 | res.sen ... ms.foo) |
| src/express.js:56:7:56:9 | res |
| src/express.js:59:37:59:39 | res |
| src/express.js:59:37:59:39 | res |
| src/express.js:60:3:60:5 | res |
| src/express.js:60:3:60:47 | res.hea ... n/xml") |
| src/express.js:61:3:61:5 | res |
| src/express.js:61:3:61:26 | res.sen ... ms.foo) |
| src/express.js:62:7:62:9 | res |
| src/express.js:65:41:65:43 | res |
| src/express.js:65:41:65:43 | res |
| src/express.js:66:3:66:5 | res |
| src/express.js:66:3:66:42 | res.hea ... plain") |
| src/express.js:67:3:67:5 | res |
| src/express.js:67:3:67:26 | res.sen ... ms.foo) |
| src/express.js:68:7:68:9 | res |
| src/inheritedFromNode.js:4:29:4:31 | res |
| src/inheritedFromNode.js:4:29:4:31 | res |
| src/inheritedFromNode.js:5:2:5:4 | res |
@@ -1976,6 +2147,9 @@ test_ResponseBody
| src/express3.js:6:12:6:16 | "val" | src/express3.js:4:23:7:1 | functio ... al");\\n} |
| src/express4.js:8:12:8:19 | dynamic1 | src/express4.js:4:23:9:1 | functio ... ic1);\\n} |
| src/express.js:17:14:17:23 | "Go away." | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:55:12:55:25 | req.params.foo | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:61:12:61:25 | req.params.foo | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:67:12:67:25 | req.params.foo | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/params.js:8:18:8:22 | value | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:15:12:15:18 | "Hello" | src/params.js:14:24:16:1 | functio ... lo");\\n} |
test_ResponseSendArgument
@@ -1984,6 +2158,9 @@ test_ResponseSendArgument
| src/express3.js:6:12:6:16 | "val" | src/express3.js:4:23:7:1 | functio ... al");\\n} |
| src/express4.js:8:12:8:19 | dynamic1 | src/express4.js:4:23:9:1 | functio ... ic1);\\n} |
| src/express.js:17:14:17:23 | "Go away." | src/express.js:16:19:18:3 | functio ... ");\\n } |
| src/express.js:55:12:55:25 | req.params.foo | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:61:12:61:25 | req.params.foo | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:67:12:67:25 | req.params.foo | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/params.js:8:18:8:22 | value | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:15:12:15:18 | "Hello" | src/params.js:14:24:16:1 | functio ... lo");\\n} |
test_RouteSetup_getARouteHandler
@@ -2078,12 +2255,15 @@ test_RouteSetup_getARouteHandler
| src/express.js:34:1:34:53 | app.get ... andler) | src/exportedHandler.js:1:19:1:55 | functio ... res) {} |
| src/express.js:34:1:34:53 | app.get ... andler) | src/express.js:34:14:34:52 | require ... handler |
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:36:1:38:1 | return of function getHandler |
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:37:12:37:32 | functio ... res){} |
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:37:10:37:31 | functio ... es) { } |
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:41:1:43:1 | return of function getArrowHandler |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:42:12:42:28 | (req, res) => f() |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:42:10:42:26 | (req, res) => f() |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
@@ -2304,6 +2484,12 @@ test_RouteHandlerExpr_getAMatchingAncestor
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
test_isRouterCreation
| es6-imported-router.js:3:1:3:12 | new Router() |
| src/advanced-routehandler-registration.js:2:11:2:19 | express() |
@@ -2380,6 +2566,9 @@ test_RouteSetup_getRouteHandlerExpr
| src/express.js:39:1:39:21 | app.use ... dler()) | 0 | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:44:1:44:26 | app.use ... dler()) | 0 | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | 0 | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | 0 | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | 0 | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | 0 | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | 0 | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | 0 | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | 0 | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
@@ -2474,9 +2663,12 @@ test_RouteHandler
| src/express.js:4:23:9:1 | functio ... res);\\n} | src/express.js:4:32:4:34 | req | src/express.js:4:37:4:39 | res |
| src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:16:28:16:30 | req | src/express.js:16:33:16:35 | res |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:22:39:22:41 | req | src/express.js:22:44:22:46 | res |
| src/express.js:37:12:37:32 | functio ... res){} | src/express.js:37:22:37:24 | req | src/express.js:37:27:37:29 | res |
| src/express.js:42:12:42:28 | (req, res) => f() | src/express.js:42:13:42:15 | req | src/express.js:42:18:42:20 | res |
| src/express.js:37:10:37:31 | functio ... es) { } | src/express.js:37:19:37:21 | req | src/express.js:37:24:37:26 | res |
| src/express.js:42:10:42:26 | (req, res) => f() | src/express.js:42:11:42:13 | req | src/express.js:42:16:42:18 | res |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:31:46:33 | req | src/express.js:46:36:46:38 | res |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:32:53:34 | req | src/express.js:53:37:53:39 | res |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:32:59:34 | req | src/express.js:59:37:59:39 | res |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req | src/express.js:65:41:65:43 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:29:4:31 | res |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:25:5:27 | res |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:25:17:27 | req | src/middleware-flow.js:17:30:17:32 | res |
@@ -2546,6 +2738,9 @@ test_RouteSetup_getARouteHandlerExpr
| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
@@ -2608,6 +2803,9 @@ test_RouteHandlerExpr_getPreviousMiddleware
| src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:39:9:39:20 | getHandler() |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() |
| src/subrouter.js:5:14:5:28 | makeSubRouter() | src/subrouter.js:4:19:4:25 | protect |
test_RequestExpr
| src/advanced-routehandler-registration.js:6:7:6:9 | req | src/advanced-routehandler-registration.js:6:6:6:35 | (req, r ... og(req) |
@@ -2735,14 +2933,23 @@ test_RequestExpr
| src/express.js:28:3:28:5 | req | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:29:3:29:5 | req | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:30:3:30:5 | req | src/express.js:22:30:32:1 | functio ... ar');\\n} |
| src/express.js:37:22:37:24 | req | src/express.js:37:12:37:32 | functio ... res){} |
| src/express.js:42:13:42:15 | req | src/express.js:42:12:42:28 | (req, res) => f() |
| src/express.js:37:19:37:21 | req | src/express.js:37:10:37:31 | functio ... es) { } |
| src/express.js:42:11:42:13 | req | src/express.js:42:10:42:26 | (req, res) => f() |
| src/express.js:46:31:46:33 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:46:31:46:33 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:47:3:47:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:48:3:48:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:49:3:49:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:50:3:50:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} |
| src/express.js:53:32:53:34 | req | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:53:32:53:34 | req | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:55:12:55:14 | req | src/express.js:53:23:57:1 | functio ... res);\\n} |
| src/express.js:59:32:59:34 | req | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:59:32:59:34 | req | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:61:12:61:14 | req | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:65:36:65:38 | req | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:65:36:65:38 | req | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:67:12:67:14 | req | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:7:2:7:4 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
@@ -2926,14 +3133,23 @@ test_RouteHandler_getARequestExpr
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:28:3:28:5 | req |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:29:3:29:5 | req |
| src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:30:3:30:5 | req |
| src/express.js:37:12:37:32 | functio ... res){} | src/express.js:37:22:37:24 | req |
| src/express.js:42:12:42:28 | (req, res) => f() | src/express.js:42:13:42:15 | req |
| src/express.js:37:10:37:31 | functio ... es) { } | src/express.js:37:19:37:21 | req |
| src/express.js:42:10:42:26 | (req, res) => f() | src/express.js:42:11:42:13 | req |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:31:46:33 | req |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:31:46:33 | req |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:47:3:47:5 | req |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:48:3:48:5 | req |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:49:3:49:5 | req |
| src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:50:3:50:5 | req |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:32:53:34 | req |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:32:53:34 | req |
| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:55:12:55:14 | req |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:32:59:34 | req |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:32:59:34 | req |
| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:61:12:61:14 | req |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req |
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:67:12:67:14 | req |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:7:2:7:4 | req |
@@ -3022,3 +3238,13 @@ dbUse
| src/middleware-flow.js:20:9:20:26 | req.deep.access.db |
| src/middleware-flow.js:23:33:23:38 | req.db |
| src/middleware-flow.js:24:33:24:38 | req.db |
test_Xss
| src/csurf-example.js:26:12:26:42 | 'csrf w ... t here' | src/csurf-example.js:26:12:26:42 | 'csrf w ... t here' |
| src/csurf-example.js:33:14:33:34 | 'no csr ... t here' | src/csurf-example.js:33:14:33:34 | 'no csr ... t here' |
| src/express3.js:6:12:6:16 | "val" | src/express3.js:6:12:6:16 | "val" |
| src/express4.js:8:12:8:19 | dynamic1 | src/express4.js:8:12:8:19 | dynamic1 |
| src/express.js:17:14:17:23 | "Go away." | src/express.js:17:14:17:23 | "Go away." |
| src/express.js:55:12:55:25 | req.params.foo | src/express.js:55:12:55:25 | req.params.foo |
| src/express.js:61:12:61:25 | req.params.foo | src/express.js:61:12:61:25 | req.params.foo |
| src/params.js:8:18:8:22 | value | src/params.js:8:18:8:22 | value |
| src/params.js:15:12:15:18 | "Hello" | src/params.js:15:12:15:18 | "Hello" |

1
javascript/ql/test/library-tests/frameworks/Express/tests.ql
View File

@@ -47,3 +47,4 @@ import Credentials
import RouteHandler_getARequestExpr
import RouteHandlerContainer
import MiddlewareFlow
import XSS

4
javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
View File

@@ -41,7 +41,11 @@
| sequelize-types.ts:7:24:7:35 | 'SELECT 123' |
| sequelize.js:8:17:8:118 | 'SELECT ... Y name' |
| sequelizeImport.js:3:17:3:118 | 'SELECT ... Y name' |
| spanner2.js:4:19:4:59 | "not SQ ... anyway" |
| spanner2.js:5:19:5:37 | { sql: "SQL code" } |
| spanner2.js:5:26:5:35 | "SQL code" |
| spanner2.js:6:28:6:68 | "not SQ ... anyway" |
| spanner2.js:7:28:7:46 | { sql: "SQL code" } |
| spanner2.js:7:35:7:44 | "SQL code" |
| spanner-types.ts:4:12:4:23 | 'SELECT 123' |
| spanner.js:6:8:6:17 | "SQL code" |

4
javascript/ql/test/library-tests/frameworks/SQL/spanner2.js
View File

@@ -1,7 +1,7 @@
const spanner = require("@google-cloud/spanner");
const client = new spanner.v1.SpannerClient({});
client.executeSql("not SQL code", (err, rows) => {});
client.executeSql("not SQL code but treated as sink anyway", (err, rows) => {});
client.executeSql({ sql: "SQL code" }, (err, rows) => {});
client.executeStreamingSql("not SQL code", (err, rows) => {});
client.executeStreamingSql("not SQL code but treated as sink anyway", (err, rows) => {});
client.executeStreamingSql({ sql: "SQL code" }, (err, rows) => {});

30
javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected
View File

@@ -136,18 +136,18 @@ edges
| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} |
| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} |
#select
| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | $@ flows to this location and is interpreted by AngularJS, which may evaluate it as code. | app.js:65:22:65:42 | req.que ... pedHtml | User-provided value |
| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | $@ flows to this location and is interpreted by AngularJS, which may evaluate it as code. | app.js:66:18:66:34 | req.query.rawHtml | User-provided value |
| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | $@ flows to this location and is interpreted by AngularJS, which may evaluate it as code. | app.js:65:22:65:42 | req.que ... pedHtml | User-provided value |
| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | $@ flows to this location and is interpreted by AngularJS, which may evaluate it as code. | app.js:66:18:66:34 | req.query.rawHtml | User-provided value |
| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | $@ flows to this location and is interpreted as code. | app.js:15:30:15:58 | req.que ... tedCode | User-provided value |
| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | $@ flows to this location and is interpreted as code. | app.js:17:25:17:48 | req.que ... shSink1 | User-provided value |
| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | $@ flows to this location and is interpreted as code. | app.js:19:35:19:68 | req.que ... rString | User-provided value |
| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | $@ flows to this location and is interpreted as code. | app.js:34:30:34:58 | req.que ... tedCode | User-provided value |
| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | $@ flows to this location and is interpreted as code. | app.js:36:25:36:48 | req.que ... shSink1 | User-provided value |
| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | $@ flows to this location and is interpreted as code. | app.js:38:35:38:68 | req.que ... rString | User-provided value |
| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | $@ flows to this location and is interpreted as code. | app.js:53:30:53:58 | req.que ... tedCode | User-provided value |
| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | $@ flows to this location and is interpreted as code. | app.js:54:33:54:64 | req.que ... CodeRaw | User-provided value |
| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | $@ flows to this location and is interpreted as code. | app.js:56:25:56:48 | req.que ... shSink1 | User-provided value |
| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | $@ flows to this location and is interpreted as code. | app.js:58:35:58:68 | req.que ... rString | User-provided value |
| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | $@ flows to this location and is interpreted as code. | app.js:59:38:59:74 | req.que ... ringRaw | User-provided value |
| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:65:22:65:42 | req.que ... pedHtml | user-provided value |
| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value |
| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:65:22:65:42 | req.que ... pedHtml | user-provided value |
| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value |
| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | This code execution depends on a $@. | app.js:15:30:15:58 | req.que ... tedCode | user-provided value |
| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | This code execution depends on a $@. | app.js:17:25:17:48 | req.que ... shSink1 | user-provided value |
| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | This code execution depends on a $@. | app.js:19:35:19:68 | req.que ... rString | user-provided value |
| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | This code execution depends on a $@. | app.js:34:30:34:58 | req.que ... tedCode | user-provided value |
| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | This code execution depends on a $@. | app.js:36:25:36:48 | req.que ... shSink1 | user-provided value |
| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | This code execution depends on a $@. | app.js:38:35:38:68 | req.que ... rString | user-provided value |
| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | This code execution depends on a $@. | app.js:53:30:53:58 | req.que ... tedCode | user-provided value |
| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | This code execution depends on a $@. | app.js:54:33:54:64 | req.que ... CodeRaw | user-provided value |
| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | This code execution depends on a $@. | app.js:56:25:56:48 | req.que ... shSink1 | user-provided value |
| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | This code execution depends on a $@. | app.js:58:35:58:68 | req.que ... rString | user-provided value |
| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | This code execution depends on a $@. | app.js:59:38:59:74 | req.que ... ringRaw | user-provided value |

4
javascript/ql/test/qlpack.yml
View File

@@ -1,7 +1,7 @@
name: codeql/javascript-tests
groups: [javascript, test]
dependencies:
codeql/javascript-all: "*"
codeql/javascript-queries: "*"
codeql/javascript-all: ${workspace}
codeql/javascript-queries: ${workspace}
extractor: javascript
tests: .

10
javascript/ql/test/query-tests/AngularJS/DuplicateDependency/DuplicateDependency.expected
View File

@@ -1,5 +1,5 @@
| duplicates.js:2:5:2:18 | function f(){} | This function has a duplicate dependency '$@'. | duplicates.js:3:26:3:31 | 'dup5' | dup5 |
| duplicates.js:6:33:6:56 | functio ... up2b){} | This function has a duplicate dependency '$@'. | duplicates.js:6:24:6:30 | 'dup2a' | dup2a |
| duplicates.js:7:33:7:56 | functio ... up3b){} | This function has a duplicate dependency '$@'. | duplicates.js:7:24:7:30 | 'dup3b' | dup3b |
| duplicates.js:8:43:8:78 | functio ... up4C){} | This function has a duplicate dependency '$@'. | duplicates.js:8:35:8:40 | 'dup4' | dup4 |
| duplicates.js:15:35:15:112 | functio ... } | This function has a duplicate dependency '$@'. | duplicates.js:15:25:15:32 | 'dup11a' | dup11a |
| duplicates.js:2:5:2:18 | function f(){} | This function has a duplicate dependency $@. | duplicates.js:3:26:3:31 | 'dup5' | dup5 |
| duplicates.js:6:33:6:56 | functio ... up2b){} | This function has a duplicate dependency $@. | duplicates.js:6:24:6:30 | 'dup2a' | dup2a |
| duplicates.js:7:33:7:56 | functio ... up3b){} | This function has a duplicate dependency $@. | duplicates.js:7:24:7:30 | 'dup3b' | dup3b |
| duplicates.js:8:43:8:78 | functio ... up4C){} | This function has a duplicate dependency $@. | duplicates.js:8:35:8:40 | 'dup4' | dup4 |
| duplicates.js:15:35:15:112 | functio ... } | This function has a duplicate dependency $@. | duplicates.js:15:25:15:32 | 'dup11a' | dup11a |

10
javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/InsecureUrlWhitelist.expected
View File

@@ -1,5 +1,5 @@
| tst.js:3:9:23:10 | $sceDel ... ]) | '$@' is not a secure whitelist entry, because the TLD '*' is insecurely specified. | tst.js:8:13:8:31 | "https://example.*" | "https://example.*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | '$@' is not a secure whitelist entry, because the domain '**.example.com' is insecurely specified. | tst.js:6:13:6:38 | "https: ... .com/*" | "https: ... .com/*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | '$@' is not a secure whitelist entry, because the domain 'example.**' is insecurely specified. | tst.js:7:13:7:32 | "https://example.**" | "https://example.**" |
| tst.js:3:9:23:10 | $sceDel ... ]) | '$@' is not a secure whitelist entry, because the scheme '*' is insecurely specified. | tst.js:5:13:5:31 | "*://example.org/*" | "*://example.org/*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | '$@' is not a secure whitelist entry, because the scheme '**' is insecurely specified. | tst.js:4:13:4:32 | "**://example.com/*" | "**://example.com/*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | $@ is not a secure whitelist entry, because the TLD '*' is insecurely specified. | tst.js:8:13:8:31 | "https://example.*" | "https://example.*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | $@ is not a secure whitelist entry, because the domain '**.example.com' is insecurely specified. | tst.js:6:13:6:38 | "https: ... .com/*" | "https: ... .com/*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | $@ is not a secure whitelist entry, because the domain 'example.**' is insecurely specified. | tst.js:7:13:7:32 | "https://example.**" | "https://example.**" |
| tst.js:3:9:23:10 | $sceDel ... ]) | $@ is not a secure whitelist entry, because the scheme '*' is insecurely specified. | tst.js:5:13:5:31 | "*://example.org/*" | "*://example.org/*" |
| tst.js:3:9:23:10 | $sceDel ... ]) | $@ is not a secure whitelist entry, because the scheme '**' is insecurely specified. | tst.js:4:13:4:32 | "**://example.com/*" | "**://example.com/*" |

6
javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.expected
View File

@@ -1,3 +1,3 @@
| DuplicateAttributes.html:1:4:1:28 | href=https://semmle.com | This attribute is duplicated $@. | DuplicateAttributes.html:1:30:1:54 | href=https://semmle.com | here |
| tst.js:9:4:9:28 | href="h ... le.com" | This attribute is duplicated $@. | tst.js:9:30:9:54 | href="h ... le.com" | here |
| tst.js:25:17:25:28 | id="theDiff" | This attribute is duplicated $@. | tst.js:25:30:25:41 | id="theDiff" | here |
| DuplicateAttributes.html:1:4:1:28 | href=https://semmle.com | This attribute $@. | DuplicateAttributes.html:1:30:1:54 | href=https://semmle.com | is duplicated later |
| tst.js:9:4:9:28 | href="h ... le.com" | This attribute $@. | tst.js:9:30:9:54 | href="h ... le.com" | is duplicated later |
| tst.js:25:17:25:28 | id="theDiff" | This attribute $@. | tst.js:25:30:25:41 | id="theDiff" | is duplicated later |

2
javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.expected
View File

@@ -1 +1 @@
| tst.js:3:24:3:36 | key = iter[1] | This initialization of key overwrites $@. | tst.js:3:9:3:21 | key = iter[0] | an earlier initialization |
| tst.js:3:24:3:36 | key = iter[1] | This initialization of key overwrites an $@. | tst.js:3:9:3:21 | key = iter[0] | earlier initialization |

2
javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.expected
View File

@@ -1 +1 @@
| tst.js:2:11:2:16 | a = 42 | Variable a has already been declared $@. | tst.js:2:5:2:5 | a | here |
| tst.js:2:11:2:16 | a = 42 | Variable a has already $@. | tst.js:2:5:2:5 | a | been previously declared |

16
javascript/ql/test/query-tests/Declarations/RedeclaredVariable/RedeclaredVariable.expected
View File

@@ -1,8 +1,8 @@
| sameNameForFunctionAndVariable.js:2:10:2:13 | fun1 | This variable has already been declared $@. | sameNameForFunctionAndVariable.js:1:5:1:8 | fun1 | here |
| sameNameForFunctionAndVariable.js:7:5:7:8 | fun2 | This variable has already been declared $@. | sameNameForFunctionAndVariable.js:5:10:5:13 | fun2 | here |
| tst3.js:9:10:9:10 | f | This variable has already been declared $@. | tst3.js:3:10:3:10 | f | here |
| tst4.js:3:7:3:7 | x | This variable has already been declared $@. | tst4.js:2:7:2:7 | x | here |
| tst4.js:7:7:7:7 | x | This variable has already been declared $@. | tst4.js:6:12:6:12 | x | here |
| tst4.js:12:12:12:12 | i | This variable has already been declared $@. | tst4.js:11:7:11:7 | i | here |
| tst4.js:19:7:19:7 | y | This variable has already been declared $@. | tst4.js:17:7:17:7 | y | here |
| tst4.js:22:5:22:5 | g | This variable has already been declared $@. | tst4.js:6:10:6:10 | g | here |
| sameNameForFunctionAndVariable.js:2:10:2:13 | fun1 | This variable has already $@. | sameNameForFunctionAndVariable.js:1:5:1:8 | fun1 | been declared |
| sameNameForFunctionAndVariable.js:7:5:7:8 | fun2 | This variable has already $@. | sameNameForFunctionAndVariable.js:5:10:5:13 | fun2 | been declared |
| tst3.js:9:10:9:10 | f | This variable has already $@. | tst3.js:3:10:3:10 | f | been declared |
| tst4.js:3:7:3:7 | x | This variable has already $@. | tst4.js:2:7:2:7 | x | been declared |
| tst4.js:7:7:7:7 | x | This variable has already $@. | tst4.js:6:12:6:12 | x | been declared |
| tst4.js:12:12:12:12 | i | This variable has already $@. | tst4.js:11:7:11:7 | i | been declared |
| tst4.js:19:7:19:7 | y | This variable has already $@. | tst4.js:17:7:17:7 | y | been declared |
| tst4.js:22:5:22:5 | g | This variable has already $@. | tst4.js:6:10:6:10 | g | been declared |

16
javascript/ql/test/query-tests/Expressions/DuplicateProperty/DuplicateProperty.expected
View File

@@ -1,8 +1,8 @@
| tst2.js:4:3:6:3 | getX: f ... .x;\\n } | This property is duplicated $@. | tst2.js:12:3:14:3 | getX: f ... .x;\\n } | here |
| tst.js:2:3:2:16 | "key": "value" | This property is duplicated $@. | tst.js:5:3:5:16 | "key": "value" | here |
| tst.js:4:3:4:14 | "1": "value" | This property is duplicated $@. | tst.js:11:3:11:12 | 1: "value" | here |
| tst.js:5:3:5:16 | "key": "value" | This property is duplicated $@. | tst.js:6:3:6:16 | 'key': "value" | here |
| tst.js:6:3:6:16 | 'key': "value" | This property is duplicated $@. | tst.js:7:3:7:14 | key: "value" | here |
| tst.js:7:3:7:14 | key: "value" | This property is duplicated $@. | tst.js:8:3:8:19 | \\u006bey: "value" | here |
| tst.js:8:3:8:19 | \\u006bey: "value" | This property is duplicated $@. | tst.js:9:3:9:21 | "\\u006bey": "value" | here |
| tst.js:9:3:9:21 | "\\u006bey": "value" | This property is duplicated $@. | tst.js:10:3:10:19 | "\\x6bey": "value" | here |
| tst2.js:4:3:6:3 | getX: f ... .x;\\n } | This property is duplicated $@. | tst2.js:12:3:14:3 | getX: f ... .x;\\n } | in a later property |
| tst.js:2:3:2:16 | "key": "value" | This property is duplicated $@. | tst.js:5:3:5:16 | "key": "value" | in a later property |
| tst.js:4:3:4:14 | "1": "value" | This property is duplicated $@. | tst.js:11:3:11:12 | 1: "value" | in a later property |
| tst.js:5:3:5:16 | "key": "value" | This property is duplicated $@. | tst.js:6:3:6:16 | 'key': "value" | in a later property |
| tst.js:6:3:6:16 | 'key': "value" | This property is duplicated $@. | tst.js:7:3:7:14 | key: "value" | in a later property |
| tst.js:7:3:7:14 | key: "value" | This property is duplicated $@. | tst.js:8:3:8:19 | \\u006bey: "value" | in a later property |
| tst.js:8:3:8:19 | \\u006bey: "value" | This property is duplicated $@. | tst.js:9:3:9:21 | "\\u006bey": "value" | in a later property |
| tst.js:9:3:9:21 | "\\u006bey": "value" | This property is duplicated $@. | tst.js:10:3:10:19 | "\\x6bey": "value" | in a later property |

68
javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/StringInsteadOfRegex.expected
View File

@@ -1,34 +1,34 @@
| tst.js:3:5:3:28 | "".repl ... i", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:3:16:3:23 | "/foo/i" | /foo/i |
| tst.js:4:5:4:28 | "".repl ... /", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:4:16:4:23 | "/^foo/" | /^foo/ |
| tst.js:5:5:5:28 | "".repl ... /", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:5:16:5:23 | "/foo$/" | /foo$/ |
| tst.js:6:5:6:27 | "".repl ... $", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:6:16:6:22 | "^foo$" | ^foo$ |
| tst.js:7:5:7:24 | "".replace("\\s", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:7:16:7:19 | "\\s" | \\s |
| tst.js:8:5:8:30 | "".repl ... r", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:8:16:8:25 | "foo\\sbar" | foo\\sbar |
| tst.js:9:5:9:27 | "".repl ... s", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:9:16:9:22 | "foo\\s" | foo\\s |
| tst.js:10:5:10:27 | "".repl ... r", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:10:16:10:22 | "\\sbar" | \\sbar |
| tst.js:11:5:11:30 | "".repl ... r", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:11:16:11:25 | "foo\\[bar" | foo\\[bar |
| tst.js:12:5:12:24 | "".replace("\\[", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:12:16:12:19 | "\\[" | \\[ |
| tst.js:13:5:13:24 | "".replace("\\]", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:13:16:13:19 | "\\]" | \\] |
| tst.js:14:5:14:24 | "".replace("\\(", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:14:16:14:19 | "\\(" | \\( |
| tst.js:15:5:15:24 | "".replace("\\)", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:15:16:15:19 | "\\)" | \\) |
| tst.js:16:5:16:24 | "".replace("\\*", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:16:16:16:19 | "\\*" | \\* |
| tst.js:17:5:17:24 | "".replace("\\+", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:17:16:17:19 | "\\+" | \\+ |
| tst.js:18:5:18:24 | "".replace("\\?", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:18:16:18:19 | "\\?" | \\? |
| tst.js:19:5:19:24 | "".replace("\\{", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:19:16:19:19 | "\\{" | \\{ |
| tst.js:20:5:20:24 | "".replace("\\}", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:20:16:20:19 | "\\}" | \\} |
| tst.js:21:5:21:24 | "".replace("\\\|", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:21:16:21:19 | "\\\|" | \\\| |
| tst.js:22:5:22:24 | "".replace("\\^", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:22:16:22:19 | "\\^" | \\^ |
| tst.js:23:5:23:24 | "".replace("\\$", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:23:16:23:19 | "\\$" | \\$ |
| tst.js:24:5:24:34 | "".repl ... +", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:24:16:24:29 | "[a-zA-Z123]+" | [a-zA-Z123]+ |
| tst.js:25:5:25:28 | "".repl ... +", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:25:16:25:23 | "[a-z]+" | [a-z]+ |
| tst.js:26:5:26:28 | "".repl ... *", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:26:16:26:23 | "[a-z]*" | [a-z]* |
| tst.js:27:5:27:30 | "".repl ... +", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:27:16:27:25 | "[0-9_-]+" | [0-9_-]+ |
| tst.js:28:5:28:29 | "".repl ... +", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:28:16:28:24 | "[^a-z]+" | [^a-z]+ |
| tst.js:29:5:29:35 | "".repl ... r", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:29:16:29:30 | "foo[^a-z]+bar" | foo[^a-z]+bar |
| tst.js:32:5:32:28 | f().rep ... /i", x) | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:32:17:32:24 | "/foo/i" | /foo/i |
| tst.js:34:5:34:22 | f().replace(v1, x) | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:33:14:33:21 | "/foo/i" | /foo/i |
| tst.js:35:5:35:30 | o.p.q.r ... /i", x) | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:35:19:35:26 | "/foo/i" | /foo/i |
| tst.js:38:5:38:31 | "".repl ... $', '') | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:38:16:38:26 | '^\\s+\|\\s+$' | ^\\s+\|\\s+$ |
| tst.js:39:5:39:36 | "".repl ... +", "") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:39:16:39:31 | "[^a-zA-Z0-9 ]+" | [^a-zA-Z0-9 ]+ |
| tst.js:42:5:42:22 | "".split("/foo/i") | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:42:14:42:21 | "/foo/i" | /foo/i |
| tst.js:43:5:43:25 | "".spli ... /i", x) | String argument '$@' looks like a regular expression, but it will be interpreted as a string. | tst.js:43:14:43:21 | "/foo/i" | /foo/i |
| tst.js:3:5:3:28 | "".repl ... i", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:3:16:3:23 | "/foo/i" | /foo/i |
| tst.js:4:5:4:28 | "".repl ... /", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:4:16:4:23 | "/^foo/" | /^foo/ |
| tst.js:5:5:5:28 | "".repl ... /", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:5:16:5:23 | "/foo$/" | /foo$/ |
| tst.js:6:5:6:27 | "".repl ... $", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:6:16:6:22 | "^foo$" | ^foo$ |
| tst.js:7:5:7:24 | "".replace("\\s", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:7:16:7:19 | "\\s" | \\s |
| tst.js:8:5:8:30 | "".repl ... r", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:8:16:8:25 | "foo\\sbar" | foo\\sbar |
| tst.js:9:5:9:27 | "".repl ... s", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:9:16:9:22 | "foo\\s" | foo\\s |
| tst.js:10:5:10:27 | "".repl ... r", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:10:16:10:22 | "\\sbar" | \\sbar |
| tst.js:11:5:11:30 | "".repl ... r", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:11:16:11:25 | "foo\\[bar" | foo\\[bar |
| tst.js:12:5:12:24 | "".replace("\\[", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:12:16:12:19 | "\\[" | \\[ |
| tst.js:13:5:13:24 | "".replace("\\]", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:13:16:13:19 | "\\]" | \\] |
| tst.js:14:5:14:24 | "".replace("\\(", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:14:16:14:19 | "\\(" | \\( |
| tst.js:15:5:15:24 | "".replace("\\)", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:15:16:15:19 | "\\)" | \\) |
| tst.js:16:5:16:24 | "".replace("\\*", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:16:16:16:19 | "\\*" | \\* |
| tst.js:17:5:17:24 | "".replace("\\+", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:17:16:17:19 | "\\+" | \\+ |
| tst.js:18:5:18:24 | "".replace("\\?", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:18:16:18:19 | "\\?" | \\? |
| tst.js:19:5:19:24 | "".replace("\\{", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:19:16:19:19 | "\\{" | \\{ |
| tst.js:20:5:20:24 | "".replace("\\}", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:20:16:20:19 | "\\}" | \\} |
| tst.js:21:5:21:24 | "".replace("\\\|", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:21:16:21:19 | "\\\|" | \\\| |
| tst.js:22:5:22:24 | "".replace("\\^", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:22:16:22:19 | "\\^" | \\^ |
| tst.js:23:5:23:24 | "".replace("\\$", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:23:16:23:19 | "\\$" | \\$ |
| tst.js:24:5:24:34 | "".repl ... +", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:24:16:24:29 | "[a-zA-Z123]+" | [a-zA-Z123]+ |
| tst.js:25:5:25:28 | "".repl ... +", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:25:16:25:23 | "[a-z]+" | [a-z]+ |
| tst.js:26:5:26:28 | "".repl ... *", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:26:16:26:23 | "[a-z]*" | [a-z]* |
| tst.js:27:5:27:30 | "".repl ... +", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:27:16:27:25 | "[0-9_-]+" | [0-9_-]+ |
| tst.js:28:5:28:29 | "".repl ... +", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:28:16:28:24 | "[^a-z]+" | [^a-z]+ |
| tst.js:29:5:29:35 | "".repl ... r", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:29:16:29:30 | "foo[^a-z]+bar" | foo[^a-z]+bar |
| tst.js:32:5:32:28 | f().rep ... /i", x) | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:32:17:32:24 | "/foo/i" | /foo/i |
| tst.js:34:5:34:22 | f().replace(v1, x) | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:33:14:33:21 | "/foo/i" | /foo/i |
| tst.js:35:5:35:30 | o.p.q.r ... /i", x) | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:35:19:35:26 | "/foo/i" | /foo/i |
| tst.js:38:5:38:31 | "".repl ... $', '') | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:38:16:38:26 | '^\\s+\|\\s+$' | ^\\s+\|\\s+$ |
| tst.js:39:5:39:36 | "".repl ... +", "") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:39:16:39:31 | "[^a-zA-Z0-9 ]+" | [^a-zA-Z0-9 ]+ |
| tst.js:42:5:42:22 | "".split("/foo/i") | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:42:14:42:21 | "/foo/i" | /foo/i |
| tst.js:43:5:43:25 | "".spli ... /i", x) | String argument $@ looks like a regular expression, but it will be interpreted as a string. | tst.js:43:14:43:21 | "/foo/i" | /foo/i |

6
javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/UnboundEventHandlerReceiver.expected
View File

@@ -1,3 +1,3 @@
| tst.js:27:18:27:40 | onClick ... bound1} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:56:9:56:12 | this | this | tst.js:55:5:57:5 | unbound ... ;\\n } | unbound1 |
| tst.js:28:18:28:40 | onClick ... bound2} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:60:15:60:18 | this | this | tst.js:59:5:61:5 | unbound ... ;\\n } | unbound2 |
| tst.js:29:18:29:35 | onClick={unbound3} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:64:15:64:18 | this | this | tst.js:63:5:65:5 | unbound ... ;\\n } | unbound3 |
| tst.js:27:18:27:40 | onClick ... bound1} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@. | tst.js:56:9:56:12 | this | this | tst.js:55:5:57:5 | unbound ... ;\\n } | unbound1 |
| tst.js:28:18:28:40 | onClick ... bound2} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@. | tst.js:60:15:60:18 | this | this | tst.js:59:5:61:5 | unbound ... ;\\n } | unbound2 |
| tst.js:29:18:29:35 | onClick={unbound3} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@. | tst.js:64:15:64:18 | this | this | tst.js:63:5:65:5 | unbound ... ;\\n } | unbound3 |

6
javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.expected
View File

@@ -1,3 +1,3 @@
| tst.js:2:1:2:8 | typeof a | The result of this 'typeof' expression is compared to '$@', but the two can never be equal. | tst.js:2:14:2:20 | 'array' | array |
| tst.js:19:9:19:16 | typeof a | The result of this 'typeof' expression is compared to '$@', but the two can never be equal. | tst.js:23:6:23:11 | 'null' | null |
| tst.js:33:2:33:9 | typeof a | The result of this 'typeof' expression is compared to '$@', but the two can never be equal. | tst.js:33:16:33:22 | 'array' | array |
| tst.js:2:1:2:8 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:2:14:2:20 | 'array' | array |
| tst.js:19:9:19:16 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:23:6:23:11 | 'null' | null |
| tst.js:33:2:33:9 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:33:16:33:22 | 'array' | array |

22
javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.expected
View File

@@ -1,11 +1,11 @@
| NonLinearPatternTS.ts:1:34:1:39 | number | The pattern variable 'number' appears to be a type, but is a variable previously bound $@. | NonLinearPatternTS.ts:1:23:1:28 | number | here |
| ts-test.ts:3:13:3:13 | x | Repeated binding of pattern variable 'x' previously bound $@. | ts-test.ts:3:10:3:10 | x | here |
| ts-test.ts:8:16:8:16 | x | Repeated binding of pattern variable 'x' previously bound $@. | ts-test.ts:8:10:8:10 | x | here |
| ts-test.ts:11:10:11:10 | x | Repeated binding of pattern variable 'x' previously bound $@. | ts-test.ts:11:7:11:7 | x | here |
| ts-test.ts:21:8:21:13 | string | The pattern variable 'string' appears to be a type, but is a variable previously bound $@. | ts-test.ts:20:8:20:13 | string | here |
| ts-test.ts:32:16:32:16 | x | Repeated binding of pattern variable 'x' previously bound $@. | ts-test.ts:30:12:30:12 | x | here |
| ts-test.ts:34:20:34:20 | x | Repeated binding of pattern variable 'x' previously bound $@. | ts-test.ts:30:12:30:12 | x | here |
| ts-test.ts:40:27:40:32 | string | Repeated binding of pattern variable 'string' previously bound $@. | ts-test.ts:40:16:40:21 | string | here |
| tst.js:3:13:3:13 | x | Repeated binding of pattern variable 'x' previously bound $@. | tst.js:3:10:3:10 | x | here |
| tst.js:8:16:8:16 | x | Repeated binding of pattern variable 'x' previously bound $@. | tst.js:8:10:8:10 | x | here |
| tst.js:11:10:11:10 | x | Repeated binding of pattern variable 'x' previously bound $@. | tst.js:11:7:11:7 | x | here |
| NonLinearPatternTS.ts:1:34:1:39 | number | The pattern variable 'number' appears to be a type, but is a variable $@. | NonLinearPatternTS.ts:1:23:1:28 | number | previously bound |
| ts-test.ts:3:13:3:13 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:3:10:3:10 | x | previously bound |
| ts-test.ts:8:16:8:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:8:10:8:10 | x | previously bound |
| ts-test.ts:11:10:11:10 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:11:7:11:7 | x | previously bound |
| ts-test.ts:21:8:21:13 | string | The pattern variable 'string' appears to be a type, but is a variable $@. | ts-test.ts:20:8:20:13 | string | previously bound |
| ts-test.ts:32:16:32:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:30:12:30:12 | x | previously bound |
| ts-test.ts:34:20:34:20 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:30:12:30:12 | x | previously bound |
| ts-test.ts:40:27:40:32 | string | Repeated binding of pattern variable 'string' $@. | ts-test.ts:40:16:40:21 | string | previously bound |
| tst.js:3:13:3:13 | x | Repeated binding of pattern variable 'x' $@. | tst.js:3:10:3:10 | x | previously bound |
| tst.js:8:16:8:16 | x | Repeated binding of pattern variable 'x' $@. | tst.js:8:10:8:10 | x | previously bound |
| tst.js:11:10:11:10 | x | Repeated binding of pattern variable 'x' $@. | tst.js:11:7:11:7 | x | previously bound |

28
javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.expected
View File

@@ -1,14 +1,14 @@
| invalid.js:5:35:5:52 | () { this.c = 0; } | The super constructor must be called before using '$@'. | invalid.js:5:40:5:43 | this | this |
| invalid.js:6:35:6:50 | () { this.c(); } | The super constructor must be called before using '$@'. | invalid.js:6:40:6:43 | this | this |
| invalid.js:7:35:7:51 | () { super.c(); } | The super constructor must be called before using '$@'. | invalid.js:7:40:7:46 | super.c | super |
| invalid.js:8:35:8:61 | () { th ... er(); } | The super constructor must be called before using '$@'. | invalid.js:8:40:8:43 | this | this |
| invalid.js:9:35:9:59 | () { th ... er(); } | The super constructor must be called before using '$@'. | invalid.js:9:40:9:43 | this | this |
| invalid.js:10:35:10:60 | () { su ... er(); } | The super constructor must be called before using '$@'. | invalid.js:10:40:10:46 | super.c | super |
| invalid.js:11:35:11:55 | () { su ... s.c); } | The super constructor must be called before using '$@'. | invalid.js:11:46:11:49 | this | this |
| invalid.js:12:35:12:57 | () { su ... c()); } | The super constructor must be called before using '$@'. | invalid.js:12:46:12:49 | this | this |
| invalid.js:13:35:13:58 | () { su ... c()); } | The super constructor must be called before using '$@'. | invalid.js:13:46:13:52 | super.c | super |
| invalid.js:14:35:14:118 | () { cl ... er(); } | The super constructor must be called before using '$@'. | invalid.js:14:99:14:102 | this | this |
| invalid.js:15:71:15:95 | () { th ... er(); } | The super constructor must be called before using '$@'. | invalid.js:15:76:15:79 | this | this |
| invalid.js:16:35:16:66 | () { if ... .a(); } | The super constructor must be called before using '$@'. | invalid.js:16:56:16:59 | this | this |
| invalid.js:26:16:26:19 | () {\\n ... ;\\n } | The super constructor must be called before using '$@'. | invalid.js:27:9:27:12 | this | this |
| invalid.js:26:16:26:19 | () {\\n ... ;\\n } | The super constructor must be called before using '$@'. | invalid.js:28:9:28:12 | this | this |
| invalid.js:5:35:5:52 | () { this.c = 0; } | The super constructor must be called before using $@. | invalid.js:5:40:5:43 | this | this |
| invalid.js:6:35:6:50 | () { this.c(); } | The super constructor must be called before using $@. | invalid.js:6:40:6:43 | this | this |
| invalid.js:7:35:7:51 | () { super.c(); } | The super constructor must be called before using $@. | invalid.js:7:40:7:46 | super.c | super |
| invalid.js:8:35:8:61 | () { th ... er(); } | The super constructor must be called before using $@. | invalid.js:8:40:8:43 | this | this |
| invalid.js:9:35:9:59 | () { th ... er(); } | The super constructor must be called before using $@. | invalid.js:9:40:9:43 | this | this |
| invalid.js:10:35:10:60 | () { su ... er(); } | The super constructor must be called before using $@. | invalid.js:10:40:10:46 | super.c | super |
| invalid.js:11:35:11:55 | () { su ... s.c); } | The super constructor must be called before using $@. | invalid.js:11:46:11:49 | this | this |
| invalid.js:12:35:12:57 | () { su ... c()); } | The super constructor must be called before using $@. | invalid.js:12:46:12:49 | this | this |
| invalid.js:13:35:13:58 | () { su ... c()); } | The super constructor must be called before using $@. | invalid.js:13:46:13:52 | super.c | super |
| invalid.js:14:35:14:118 | () { cl ... er(); } | The super constructor must be called before using $@. | invalid.js:14:99:14:102 | this | this |
| invalid.js:15:71:15:95 | () { th ... er(); } | The super constructor must be called before using $@. | invalid.js:15:76:15:79 | this | this |
| invalid.js:16:35:16:66 | () { if ... .a(); } | The super constructor must be called before using $@. | invalid.js:16:56:16:59 | this | this |
| invalid.js:26:16:26:19 | () {\\n ... ;\\n } | The super constructor must be called before using $@. | invalid.js:27:9:27:12 | this | this |
| invalid.js:26:16:26:19 | () {\\n ... ;\\n } | The super constructor must be called before using $@. | invalid.js:28:9:28:12 | this | this |

2
javascript/ql/test/query-tests/NodeJS/MissingExports/MissingExports.expected
View File

@@ -1 +1 @@
| MissingExports.js:7:5:7:19 | checkOne(xs[i]) | 'checkOne' references an undeclared global variable, not the variable exported $@. | MissingExports.js:1:20:3:1 | functio ... or();\\n} | here |
| MissingExports.js:7:5:7:19 | checkOne(xs[i]) | 'checkOne' references an undeclared global variable, not $@. | MissingExports.js:1:20:3:1 | functio ... or();\\n} | the variable of the same name that is exported |

2
javascript/ql/test/query-tests/Performance/ReassignParameterAndUseArguments/ReassignParameterAndUseArguments.expected
View File

@@ -1 +1 @@
| tst.js:2:18:2:22 | start | This parameter is reassigned $@, which may prevent optimization because the surrounding function uses the arguments object. | tst.js:4:9:4:13 | start | here |
| tst.js:2:18:2:22 | start | This parameter $@, which may prevent optimization because the surrounding function uses the arguments object. | tst.js:4:9:4:13 | start | is reassigned |

2
javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.expected
View File

@@ -1 +1 @@
| tst.js:4:17:4:18 | \\2 | This back reference always matches the empty string, since it refers to $@, which is contained in $@. | tst.js:4:11:4:14 | (a+) | this capture group | tst.js:4:8:4:16 | (?!(a+)b) | a negative lookahead assertion |
| tst.js:4:17:4:18 | \\2 | This back reference always matches the empty string, since it refers to $@, which is contained in a $@. | tst.js:4:11:4:14 | (a+) | this capture group | tst.js:4:8:4:16 | (?!(a+)b) | negative lookahead assertion |

18
javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/DuplicateCharacterInCharacterClass.expected
View File

@@ -1,9 +1,9 @@
| tst.js:1:4:1:4 | o | Character 'o' is repeated $@ in the same character class. | tst.js:1:5:1:5 | o | here |
| tst.js:4:3:4:3 | ? | Character '?' is repeated $@ in the same character class. | tst.js:4:4:4:4 | ? | here |
| tst.js:5:3:5:8 | \\u003F | Character '\\u003F' is repeated $@ in the same character class. | tst.js:5:9:5:14 | \\u003f | here |
| tst.js:6:3:6:8 | \\u003F | Character '\\u003F' is repeated $@ in the same character class. | tst.js:6:9:6:9 | ? | here |
| tst.js:7:3:7:6 | \\x3f | Character '\\x3f' is repeated $@ in the same character class. | tst.js:7:7:7:12 | \\u003f | here |
| tst.js:8:3:8:3 | a | Character 'a' is repeated $@ in the same character class. | tst.js:8:4:8:4 | a | here |
| tst.js:8:3:8:3 | a | Character 'a' is repeated $@ in the same character class. | tst.js:8:5:8:5 | a | here |
| tst.js:9:3:9:6 | \\x0a | Character '\\x0a' is repeated $@ in the same character class. | tst.js:9:7:9:10 | \\x0a | here |
| tst.js:10:3:10:8 | \\u000a | Character '\\u000a' is repeated $@ in the same character class. | tst.js:10:9:10:10 | \\n | here |
| tst.js:1:4:1:4 | o | Character 'o' is $@. | tst.js:1:5:1:5 | o | repeated in the same character class |
| tst.js:4:3:4:3 | ? | Character '?' is $@. | tst.js:4:4:4:4 | ? | repeated in the same character class |
| tst.js:5:3:5:8 | \\u003F | Character '\\u003F' is $@. | tst.js:5:9:5:14 | \\u003f | repeated in the same character class |
| tst.js:6:3:6:8 | \\u003F | Character '\\u003F' is $@. | tst.js:6:9:6:9 | ? | repeated in the same character class |
| tst.js:7:3:7:6 | \\x3f | Character '\\x3f' is $@. | tst.js:7:7:7:12 | \\u003f | repeated in the same character class |
| tst.js:8:3:8:3 | a | Character 'a' is $@. | tst.js:8:4:8:4 | a | repeated in the same character class |
| tst.js:8:3:8:3 | a | Character 'a' is $@. | tst.js:8:5:8:5 | a | repeated in the same character class |
| tst.js:9:3:9:6 | \\x0a | Character '\\x0a' is $@. | tst.js:9:7:9:10 | \\x0a | repeated in the same character class |
| tst.js:10:3:10:8 | \\u000a | Character '\\u000a' is $@. | tst.js:10:9:10:10 | \\n | repeated in the same character class |

340
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

@@ -10057,173 +10057,173 @@ edges
| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 |
| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] |
#select
| TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on $@. | TaintedPath-es6.js:7:20:7:26 | req.url | a user-provided value |
| TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on $@. | TaintedPath.js:9:24:9:30 | req.url | a user-provided value |
| TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:15:29:15:48 | "/home/user/" + path | This path depends on $@. | TaintedPath.js:9:24:9:30 | req.url | a user-provided value |
| TaintedPath.js:18:33:18:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:18:33:18:36 | path | This path depends on $@. | TaintedPath.js:9:24:9:30 | req.url | a user-provided value |
| TaintedPath.js:21:33:21:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:21:33:21:36 | path | This path depends on $@. | TaintedPath.js:9:24:9:30 | req.url | a user-provided value |
| TaintedPath.js:24:33:24:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:24:33:24:36 | path | This path depends on $@. | TaintedPath.js:9:24:9:30 | req.url | a user-provided value |
| TaintedPath.js:33:31:33:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:33:31:33:34 | path | This path depends on $@. | TaintedPath.js:9:24:9:30 | req.url | a user-provided value |
| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:52:29:52:56 | pathMod ... , path) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | This path depends on $@. | TaintedPath.js:38:20:38:26 | req.url | a user-provided value |
| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | This path depends on $@. | TaintedPath.js:95:30:95:31 | ev | a user-provided value |
| TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:76 | require ... ).query | This path depends on $@. | TaintedPath.js:77:63:77:69 | req.url | a user-provided value |
| TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:74 | require ... ).query | This path depends on $@. | TaintedPath.js:78:61:78:67 | req.url | a user-provided value |
| TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:73 | require ... ).query | This path depends on $@. | TaintedPath.js:79:60:79:66 | req.url | a user-provided value |
| TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | This path depends on $@. | TaintedPath.js:87:48:87:60 | req.params[0] | a user-provided value |
| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | This path depends on $@. | TaintedPath.js:100:23:100:29 | req.url | a user-provided value |
| TaintedPath.js:105:45:105:52 | realpath | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:105:45:105:52 | realpath | This path depends on $@. | TaintedPath.js:100:23:100:29 | req.url | a user-provided value |
| TaintedPath.js:138:23:138:26 | path | TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:138:23:138:26 | path | This path depends on $@. | TaintedPath.js:136:23:136:29 | req.url | a user-provided value |
| TaintedPath.js:144:19:144:22 | path | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:144:19:144:22 | path | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:148:19:148:33 | split.join("/") | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:152:19:152:26 | split[x] | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:152:19:152:26 | split[x] | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:153:19:153:35 | prefix + split[x] | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:156:19:156:37 | concatted.join("/") | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:159:19:159:38 | concatted2.join("/") | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:161:19:161:29 | split.pop() | This path depends on $@. | TaintedPath.js:142:24:142:30 | req.url | a user-provided value |
| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | This path depends on $@. | TaintedPath.js:203:38:203:44 | req.url | a user-provided value |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | This path depends on $@. | TaintedPath.js:204:51:204:57 | req.url | a user-provided value |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | This path depends on $@. | TaintedPath.js:206:44:206:50 | req.url | a user-provided value |
| TaintedPath.js:212:31:212:34 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:212:31:212:34 | path | This path depends on $@. | TaintedPath.js:211:24:211:30 | req.url | a user-provided value |
| TaintedPath.js:213:45:213:48 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:45:213:48 | path | This path depends on $@. | TaintedPath.js:211:24:211:30 | req.url | a user-provided value |
| TaintedPath.js:214:35:214:38 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:214:35:214:38 | path | This path depends on $@. | TaintedPath.js:211:24:211:30 | req.url | a user-provided value |
| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on $@. | express.js:8:20:8:32 | req.query.bar | a user-provided value |
| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on $@. | handlebars.js:29:46:29:60 | req.params.path | a user-provided value |
| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on $@. | handlebars.js:43:15:43:29 | req.params.path | a user-provided value |
| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:23:19:23:22 | path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:23:19:23:22 | path | This path depends on $@. | normalizedPaths.js:21:35:21:48 | req.query.path | a user-provided value |
| normalizedPaths.js:24:19:24:29 | './' + path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:24:19:24:29 | './' + path | This path depends on $@. | normalizedPaths.js:21:35:21:48 | req.query.path | a user-provided value |
| normalizedPaths.js:25:19:25:38 | path + '/index.html' | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | This path depends on $@. | normalizedPaths.js:21:35:21:48 | req.query.path | a user-provided value |
| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | This path depends on $@. | normalizedPaths.js:21:35:21:48 | req.query.path | a user-provided value |
| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | This path depends on $@. | normalizedPaths.js:21:35:21:48 | req.query.path | a user-provided value |
| normalizedPaths.js:36:19:36:22 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:36:19:36:22 | path | This path depends on $@. | normalizedPaths.js:31:35:31:48 | req.query.path | a user-provided value |
| normalizedPaths.js:41:21:41:24 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:41:21:41:24 | path | This path depends on $@. | normalizedPaths.js:31:35:31:48 | req.query.path | a user-provided value |
| normalizedPaths.js:59:19:59:22 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:59:19:59:22 | path | This path depends on $@. | normalizedPaths.js:54:35:54:48 | req.query.path | a user-provided value |
| normalizedPaths.js:63:19:63:38 | path + "/index.html" | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | This path depends on $@. | normalizedPaths.js:54:35:54:48 | req.query.path | a user-provided value |
| normalizedPaths.js:68:21:68:24 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:68:21:68:24 | path | This path depends on $@. | normalizedPaths.js:54:35:54:48 | req.query.path | a user-provided value |
| normalizedPaths.js:78:22:78:25 | path | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:78:22:78:25 | path | This path depends on $@. | normalizedPaths.js:73:42:73:55 | req.query.path | a user-provided value |
| normalizedPaths.js:87:29:87:32 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:87:29:87:32 | path | This path depends on $@. | normalizedPaths.js:82:14:82:27 | req.query.path | a user-provided value |
| normalizedPaths.js:90:31:90:34 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:90:31:90:34 | path | This path depends on $@. | normalizedPaths.js:82:14:82:27 | req.query.path | a user-provided value |
| normalizedPaths.js:99:29:99:32 | path | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:99:29:99:32 | path | This path depends on $@. | normalizedPaths.js:94:35:94:48 | req.query.path | a user-provided value |
| normalizedPaths.js:119:19:119:22 | path | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:119:19:119:22 | path | This path depends on $@. | normalizedPaths.js:117:30:117:43 | req.query.path | a user-provided value |
| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | This path depends on $@. | normalizedPaths.js:117:30:117:43 | req.query.path | a user-provided value |
| normalizedPaths.js:135:21:135:24 | path | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:135:21:135:24 | path | This path depends on $@. | normalizedPaths.js:130:35:130:48 | req.query.path | a user-provided value |
| normalizedPaths.js:144:21:144:24 | path | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:144:21:144:24 | path | This path depends on $@. | normalizedPaths.js:139:48:139:61 | req.query.path | a user-provided value |
| normalizedPaths.js:151:21:151:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:151:21:151:24 | path | This path depends on $@. | normalizedPaths.js:148:44:148:57 | req.query.path | a user-provided value |
| normalizedPaths.js:153:21:153:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:153:21:153:24 | path | This path depends on $@. | normalizedPaths.js:148:44:148:57 | req.query.path | a user-provided value |
| normalizedPaths.js:165:19:165:22 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:165:19:165:22 | path | This path depends on $@. | normalizedPaths.js:160:35:160:48 | req.query.path | a user-provided value |
| normalizedPaths.js:170:21:170:24 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:170:21:170:24 | path | This path depends on $@. | normalizedPaths.js:160:35:160:48 | req.query.path | a user-provided value |
| normalizedPaths.js:184:19:184:22 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:184:19:184:22 | path | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:187:21:187:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:187:21:187:24 | path | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:189:21:189:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:189:21:189:24 | path | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:192:21:192:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:192:21:192:24 | path | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:194:21:194:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:194:21:194:24 | path | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:199:21:199:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:199:21:199:24 | path | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:205:21:205:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:205:21:205:34 | normalizedPath | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:208:21:208:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:208:21:208:34 | normalizedPath | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:210:21:210:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:210:21:210:34 | normalizedPath | This path depends on $@. | normalizedPaths.js:174:14:174:27 | req.query.path | a user-provided value |
| normalizedPaths.js:222:21:222:24 | path | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:222:21:222:24 | path | This path depends on $@. | normalizedPaths.js:214:35:214:48 | req.query.path | a user-provided value |
| normalizedPaths.js:228:21:228:24 | path | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:228:21:228:24 | path | This path depends on $@. | normalizedPaths.js:226:35:226:48 | req.query.path | a user-provided value |
| normalizedPaths.js:238:19:238:22 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:238:19:238:22 | path | This path depends on $@. | normalizedPaths.js:236:33:236:46 | req.query.path | a user-provided value |
| normalizedPaths.js:245:21:245:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:245:21:245:24 | path | This path depends on $@. | normalizedPaths.js:236:33:236:46 | req.query.path | a user-provided value |
| normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on $@. | normalizedPaths.js:236:33:236:46 | req.query.path | a user-provided value |
| normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
| normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
| normalizedPaths.js:286:21:286:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:286:21:286:27 | newpath | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
| normalizedPaths.js:296:21:296:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:296:21:296:27 | newpath | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
| normalizedPaths.js:304:18:304:21 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:304:18:304:21 | path | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
| normalizedPaths.js:309:19:309:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:309:19:309:22 | path | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
| normalizedPaths.js:313:19:313:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:313:19:313:22 | path | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
| normalizedPaths.js:316:19:316:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:316:19:316:22 | path | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
| normalizedPaths.js:325:19:325:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:325:19:325:32 | normalizedPath | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on $@. | normalizedPaths.js:339:32:339:45 | req.query.path | a user-provided value |
| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on $@. | normalizedPaths.js:339:32:339:45 | req.query.path | a user-provided value |
| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value |
| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value |
| normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value |
| normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value |
| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on $@. | other-fs-libraries.js:38:24:38:30 | req.url | a user-provided value |
| other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on $@. | other-fs-libraries.js:38:24:38:30 | req.url | a user-provided value |
| other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on $@. | other-fs-libraries.js:38:24:38:30 | req.url | a user-provided value |
| other-fs-libraries.js:51:19:51:22 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:51:19:51:22 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |
| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |
| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
| tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on $@. | tainted-access-paths.js:39:24:39:30 | req.url | a user-provided value |
| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on $@. | tainted-access-paths.js:48:24:48:30 | req.url | a user-provided value |
| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on $@. | tainted-require.js:12:29:12:47 | req.param("module") | a user-provided value |
| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on $@. | tainted-require.js:14:11:14:29 | req.param("module") | a user-provided value |
| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | a user-provided value |
| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | This path depends on $@. | tainted-sendFile.js:24:37:24:48 | req.params.x | a user-provided value |
| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | This path depends on $@. | tainted-sendFile.js:25:34:25:45 | req.params.x | a user-provided value |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on $@. | torrents.js:5:13:5:38 | parseTo ... t).name | a user-provided value |
| typescript.ts:12:29:12:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:12:29:12:32 | path | This path depends on $@. | typescript.ts:9:24:9:30 | req.url | a user-provided value |
| typescript.ts:21:39:21:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:21:39:21:43 | path3 | This path depends on $@. | typescript.ts:9:24:9:30 | req.url | a user-provided value |
| typescript.ts:24:39:24:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:24:39:24:43 | path4 | This path depends on $@. | typescript.ts:9:24:9:30 | req.url | a user-provided value |
| typescript.ts:32:29:32:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:32:29:32:33 | path6 | This path depends on $@. | typescript.ts:9:24:9:30 | req.url | a user-provided value |
| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on $@. | views.js:1:43:1:55 | req.params[0] | a user-provided value |
| TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value |
| TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
| TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:15:29:15:48 | "/home/user/" + path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
| TaintedPath.js:18:33:18:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:18:33:18:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
| TaintedPath.js:21:33:21:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:21:33:21:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
| TaintedPath.js:24:33:24:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:24:33:24:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
| TaintedPath.js:33:31:33:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:33:31:33:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:52:29:52:56 | pathMod ... , path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | This path depends on a $@. | TaintedPath.js:95:30:95:31 | ev | user-provided value |
| TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:77:63:77:69 | req.url | user-provided value |
| TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:78:61:78:67 | req.url | user-provided value |
| TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:79:60:79:66 | req.url | user-provided value |
| TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:87:48:87:60 | req.params[0] | user-provided value |
| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:100:23:100:29 | req.url | user-provided value |
| TaintedPath.js:105:45:105:52 | realpath | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:105:45:105:52 | realpath | This path depends on a $@. | TaintedPath.js:100:23:100:29 | req.url | user-provided value |
| TaintedPath.js:138:23:138:26 | path | TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:138:23:138:26 | path | This path depends on a $@. | TaintedPath.js:136:23:136:29 | req.url | user-provided value |
| TaintedPath.js:144:19:144:22 | path | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:144:19:144:22 | path | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:148:19:148:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:152:19:152:26 | split[x] | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:152:19:152:26 | split[x] | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:153:19:153:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:156:19:156:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:159:19:159:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:161:19:161:29 | split.pop() | This path depends on a $@. | TaintedPath.js:142:24:142:30 | req.url | user-provided value |
| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:166:24:166:30 | req.url | user-provided value |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:203:38:203:44 | req.url | user-provided value |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:204:51:204:57 | req.url | user-provided value |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:206:44:206:50 | req.url | user-provided value |
| TaintedPath.js:212:31:212:34 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:212:31:212:34 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
| TaintedPath.js:213:45:213:48 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:45:213:48 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
| TaintedPath.js:214:35:214:38 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:214:35:214:38 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value |
| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |
| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value |
| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
| normalizedPaths.js:23:19:23:22 | path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:23:19:23:22 | path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value |
| normalizedPaths.js:24:19:24:29 | './' + path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:24:19:24:29 | './' + path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value |
| normalizedPaths.js:25:19:25:38 | path + '/index.html' | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value |
| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value |
| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value |
| normalizedPaths.js:36:19:36:22 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:36:19:36:22 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value |
| normalizedPaths.js:41:21:41:24 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:41:21:41:24 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value |
| normalizedPaths.js:59:19:59:22 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:59:19:59:22 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value |
| normalizedPaths.js:63:19:63:38 | path + "/index.html" | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value |
| normalizedPaths.js:68:21:68:24 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:68:21:68:24 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value |
| normalizedPaths.js:78:22:78:25 | path | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:78:22:78:25 | path | This path depends on a $@. | normalizedPaths.js:73:42:73:55 | req.query.path | user-provided value |
| normalizedPaths.js:87:29:87:32 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:87:29:87:32 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value |
| normalizedPaths.js:90:31:90:34 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:90:31:90:34 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value |
| normalizedPaths.js:99:29:99:32 | path | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:99:29:99:32 | path | This path depends on a $@. | normalizedPaths.js:94:35:94:48 | req.query.path | user-provided value |
| normalizedPaths.js:119:19:119:22 | path | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:119:19:119:22 | path | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value |
| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value |
| normalizedPaths.js:135:21:135:24 | path | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:135:21:135:24 | path | This path depends on a $@. | normalizedPaths.js:130:35:130:48 | req.query.path | user-provided value |
| normalizedPaths.js:144:21:144:24 | path | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:144:21:144:24 | path | This path depends on a $@. | normalizedPaths.js:139:48:139:61 | req.query.path | user-provided value |
| normalizedPaths.js:151:21:151:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:151:21:151:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value |
| normalizedPaths.js:153:21:153:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:153:21:153:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value |
| normalizedPaths.js:165:19:165:22 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:165:19:165:22 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value |
| normalizedPaths.js:170:21:170:24 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:170:21:170:24 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value |
| normalizedPaths.js:184:19:184:22 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:184:19:184:22 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:187:21:187:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:187:21:187:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:189:21:189:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:189:21:189:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:192:21:192:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:192:21:192:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:194:21:194:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:194:21:194:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:199:21:199:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:199:21:199:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:205:21:205:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:205:21:205:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:208:21:208:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:208:21:208:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:210:21:210:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:210:21:210:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value |
| normalizedPaths.js:222:21:222:24 | path | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:222:21:222:24 | path | This path depends on a $@. | normalizedPaths.js:214:35:214:48 | req.query.path | user-provided value |
| normalizedPaths.js:228:21:228:24 | path | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:228:21:228:24 | path | This path depends on a $@. | normalizedPaths.js:226:35:226:48 | req.query.path | user-provided value |
| normalizedPaths.js:238:19:238:22 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:238:19:238:22 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value |
| normalizedPaths.js:245:21:245:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:245:21:245:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value |
| normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value |
| normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value |
| normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value |
| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value |
| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value |
| normalizedPaths.js:286:21:286:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:286:21:286:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value |
| normalizedPaths.js:296:21:296:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:296:21:296:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value |
| normalizedPaths.js:304:18:304:21 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:304:18:304:21 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value |
| normalizedPaths.js:309:19:309:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:309:19:309:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value |
| normalizedPaths.js:313:19:313:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:313:19:313:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value |
| normalizedPaths.js:316:19:316:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:316:19:316:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value |
| normalizedPaths.js:325:19:325:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:325:19:325:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value |
| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value |
| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value |
| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value |
| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value |
| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value |
| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value |
| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value |
| normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value |
| normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value |
| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value |
| other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value |
| other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value |
| other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value |
| other-fs-libraries.js:51:19:51:22 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:51:19:51:22 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value |
| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value |
| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value |
| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value |
| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value |
| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value |
| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value |
| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value |
| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value |
| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value |
| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value |
| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value |
| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value |
| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value |
| tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value |
| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value |
| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value |
| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. | tainted-require.js:12:29:12:47 | req.param("module") | user-provided value |
| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. | tainted-require.js:14:11:14:29 | req.param("module") | user-provided value |
| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | user-provided value |
| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | user-provided value |
| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | user-provided value |
| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:24:37:24:48 | req.params.x | user-provided value |
| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:25:34:25:45 | req.params.x | user-provided value |
| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on a $@. | torrents.js:5:13:5:38 | parseTo ... t).name | user-provided value |
| typescript.ts:12:29:12:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:12:29:12:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
| typescript.ts:21:39:21:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:21:39:21:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
| typescript.ts:24:39:24:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:24:39:24:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
| typescript.ts:32:29:32:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:32:29:32:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on a $@. | views.js:1:43:1:55 | req.params[0] | user-provided value |

20
javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
View File

@@ -126,13 +126,13 @@ edges
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
#select
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | $@ depends on $@ which may contain '..' | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | File system operation | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | unsanitized archive entry |
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | $@ depends on $@ which may contain '..' | TarSlipBad.js:6:36:6:46 | header.name | File system operation | TarSlipBad.js:6:36:6:46 | header.name | unsanitized archive entry |
| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | $@ depends on $@ which may contain '..' | TarSlipBad.js:9:17:9:31 | header.linkname | File system operation | TarSlipBad.js:9:17:9:31 | header.linkname | unsanitized archive entry |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | $@ depends on $@ which may contain '..' | ZipSlipBad2.js:6:22:6:29 | fileName | File system operation | ZipSlipBad2.js:5:37:5:46 | entry.path | unsanitized archive entry |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | $@ depends on $@ which may contain '..' | ZipSlipBad.js:8:37:8:44 | fileName | File system operation | ZipSlipBad.js:7:22:7:31 | entry.path | unsanitized archive entry |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:16:30:16:37 | fileName | $@ depends on $@ which may contain '..' | ZipSlipBad.js:16:30:16:37 | fileName | File system operation | ZipSlipBad.js:15:22:15:31 | entry.path | unsanitized archive entry |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:23:28:23:35 | fileName | $@ depends on $@ which may contain '..' | ZipSlipBad.js:23:28:23:35 | fileName | File system operation | ZipSlipBad.js:22:22:22:31 | entry.path | unsanitized archive entry |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | $@ depends on $@ which may contain '..' | ZipSlipBad.js:31:26:31:29 | name | File system operation | ZipSlipBad.js:30:14:30:17 | name | unsanitized archive entry |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | $@ depends on $@ which may contain '..' | ZipSlipBad.js:35:26:35:29 | name | File system operation | ZipSlipBad.js:34:16:34:19 | name | unsanitized archive entry |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | $@ depends on $@ which may contain '..' | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | File system operation | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | unsanitized archive entry |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation |
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation |
| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:9:17:9:31 | header.linkname | file system operation |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad2.js:6:22:6:29 | fileName | file system operation |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:8:37:8:44 | fileName | file system operation |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:16:30:16:37 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:16:30:16:37 | fileName | file system operation |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:23:28:23:35 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:23:28:23:35 | fileName | file system operation |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:31:26:31:29 | name | file system operation |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:35:26:35:29 | name | file system operation |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | file system operation |

20
javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected
View File

@@ -108,13 +108,13 @@ edges
| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) |
| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) |
#select
| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on $@. | routes.js:2:23:2:30 | req.body | a user-provided value |
| tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on $@. | tst2.js:6:25:6:32 | req.body | a user-provided value |
| tst2.js:27:28:27:40 | bodyParameter | tst2.js:26:25:26:32 | req.body | tst2.js:27:28:27:40 | bodyParameter | Template object depends on $@. | tst2.js:26:25:26:32 | req.body | a user-provided value |
| tst2.js:35:28:35:40 | bodyParameter | tst2.js:34:25:34:32 | req.body | tst2.js:35:28:35:40 | bodyParameter | Template object depends on $@. | tst2.js:34:25:34:32 | req.body | a user-provided value |
| tst2.js:43:28:43:40 | bodyParameter | tst2.js:42:25:42:32 | req.body | tst2.js:43:28:43:40 | bodyParameter | Template object depends on $@. | tst2.js:42:25:42:32 | req.body | a user-provided value |
| tst2.js:52:28:52:40 | bodyParameter | tst2.js:51:25:51:32 | req.body | tst2.js:52:28:52:40 | bodyParameter | Template object depends on $@. | tst2.js:51:25:51:32 | req.body | a user-provided value |
| tst.js:10:28:10:40 | bodyParameter | tst.js:7:25:7:32 | req.body | tst.js:10:28:10:40 | bodyParameter | Template object depends on $@. | tst.js:7:25:7:32 | req.body | a user-provided value |
| tst.js:11:28:11:41 | queryParameter | tst.js:8:26:8:49 | req.que ... rameter | tst.js:11:28:11:41 | queryParameter | Template object depends on $@. | tst.js:8:26:8:49 | req.que ... rameter | a user-provided value |
| tst.js:24:28:24:30 | obj | tst.js:8:26:8:49 | req.que ... rameter | tst.js:24:28:24:30 | obj | Template object depends on $@. | tst.js:8:26:8:49 | req.que ... rameter | a user-provided value |
| tst.js:29:28:29:42 | JSON.parse(str) | tst.js:8:26:8:49 | req.que ... rameter | tst.js:29:28:29:42 | JSON.parse(str) | Template object depends on $@. | tst.js:8:26:8:49 | req.que ... rameter | a user-provided value |
| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value |
| tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value |
| tst2.js:27:28:27:40 | bodyParameter | tst2.js:26:25:26:32 | req.body | tst2.js:27:28:27:40 | bodyParameter | Template object depends on a $@. | tst2.js:26:25:26:32 | req.body | user-provided value |
| tst2.js:35:28:35:40 | bodyParameter | tst2.js:34:25:34:32 | req.body | tst2.js:35:28:35:40 | bodyParameter | Template object depends on a $@. | tst2.js:34:25:34:32 | req.body | user-provided value |
| tst2.js:43:28:43:40 | bodyParameter | tst2.js:42:25:42:32 | req.body | tst2.js:43:28:43:40 | bodyParameter | Template object depends on a $@. | tst2.js:42:25:42:32 | req.body | user-provided value |
| tst2.js:52:28:52:40 | bodyParameter | tst2.js:51:25:51:32 | req.body | tst2.js:52:28:52:40 | bodyParameter | Template object depends on a $@. | tst2.js:51:25:51:32 | req.body | user-provided value |
| tst.js:10:28:10:40 | bodyParameter | tst.js:7:25:7:32 | req.body | tst.js:10:28:10:40 | bodyParameter | Template object depends on a $@. | tst.js:7:25:7:32 | req.body | user-provided value |
| tst.js:11:28:11:41 | queryParameter | tst.js:8:26:8:49 | req.que ... rameter | tst.js:11:28:11:41 | queryParameter | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value |
| tst.js:24:28:24:30 | obj | tst.js:8:26:8:49 | req.que ... rameter | tst.js:24:28:24:30 | obj | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value |
| tst.js:29:28:29:42 | JSON.parse(str) | tst.js:8:26:8:49 | req.que ... rameter | tst.js:29:28:29:42 | JSON.parse(str) | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value |

124
javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
View File

@@ -50,8 +50,6 @@ nodes
| child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:85:37:85:54 | req.query.fileName |
| child_process-test.js:85:37:85:54 | req.query.fileName |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host |
| child_process-test.js:94:21:94:30 | ctx.params |
@@ -134,16 +132,6 @@ nodes
| form-parsers.js:59:10:59:33 | "touch ... ilename |
| form-parsers.js:59:21:59:24 | part |
| form-parsers.js:59:21:59:33 | part.filename |
| lib/subLib4/index.js:6:32:6:35 | name |
| lib/subLib4/index.js:7:18:7:21 | name |
| lib/subLib4/subsub.js:3:28:3:31 | name |
| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name |
| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name |
| lib/subLib4/subsub.js:4:22:4:25 | name |
| lib/subLib/index.js:7:32:7:35 | name |
| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name |
| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name |
| lib/subLib/index.js:8:22:8:25 | name |
| other.js:5:9:5:49 | cmd |
| other.js:5:15:5:38 | url.par ... , true) |
| other.js:5:15:5:44 | url.par ... ).query |
@@ -238,10 +226,6 @@ edges
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) |
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) |
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib4/index.js:6:32:6:35 | name |
| child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib4/index.js:6:32:6:35 | name |
| child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib/index.js:7:32:7:35 | name |
| child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib/index.js:7:32:7:35 | name |
| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host |
| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host |
| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host |
@@ -314,14 +298,6 @@ edges
| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:21:59:33 | part.filename |
| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename |
| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename |
| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name |
| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name |
| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name |
| lib/subLib4/subsub.js:4:22:4:25 | name | lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name |
| lib/subLib4/subsub.js:4:22:4:25 | name | lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name |
| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name |
| lib/subLib/index.js:8:22:8:25 | name | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name |
| lib/subLib/index.js:8:22:8:25 | name | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
@@ -368,54 +344,52 @@ edges
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
#select
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:19:17:19:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:19:17:19:19 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:20:21:20:23 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:20:21:20:23 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:21:14:21:16 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:21:14:21:16 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:22:18:22:20 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:22:18:22:20 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:23:13:23:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:23:13:23:15 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:39:5:39:31 | cp.spaw ... cmd ]) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:39:26:39:28 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:44:5:44:34 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:54:5:54:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:54:56:56 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:49 | url.par ... ry.path | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | Command line depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | Command line depends on $@. | child_process-test.js:73:25:73:31 | req.url | a user-provided value |
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | Command line depends on $@. | child_process-test.js:83:19:83:36 | req.query.fileName | a user-provided value |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | Command line depends on $@. | child_process-test.js:94:21:94:30 | ctx.params | a user-provided value |
| exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | Command line depends on $@. | exec-sh2.js:14:25:14:31 | req.url | a user-provided value |
| exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | Command line depends on $@. | exec-sh.js:19:25:19:31 | req.url | a user-provided value |
| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | Command line depends on $@. | execSeries.js:18:34:18:40 | req.url | a user-provided value |
| form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | Command line depends on $@. | form-parsers.js:9:19:9:26 | req.file | a user-provided value |
| form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | Command line depends on $@. | form-parsers.js:13:3:13:11 | req.files | a user-provided value |
| form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | Command line depends on $@. | form-parsers.js:24:48:24:55 | filename | a user-provided value |
| form-parsers.js:36:10:36:31 | "touch ... ds.name | form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | Command line depends on $@. | form-parsers.js:35:25:35:30 | fields | a user-provided value |
| form-parsers.js:41:10:41:31 | "touch ... ds.name | form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | Command line depends on $@. | form-parsers.js:40:26:40:31 | fields | a user-provided value |
| form-parsers.js:53:10:53:31 | "touch ... ds.name | form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | Command line depends on $@. | form-parsers.js:52:34:52:39 | fields | a user-provided value |
| form-parsers.js:59:10:59:33 | "touch ... ilename | form-parsers.js:58:30:58:33 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | Command line depends on $@. | form-parsers.js:58:30:58:33 | part | a user-provided value |
| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | Command line depends on $@. | child_process-test.js:85:37:85:54 | req.query.fileName | a user-provided value |
| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | Command line depends on $@. | child_process-test.js:85:37:85:54 | req.query.fileName | a user-provided value |
| other.js:7:33:7:35 | cmd | other.js:5:25:5:31 | req.url | other.js:7:33:7:35 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:8:28:8:30 | cmd | other.js:5:25:5:31 | req.url | other.js:8:28:8:30 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:9:32:9:34 | cmd | other.js:5:25:5:31 | req.url | other.js:9:32:9:34 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:10:29:10:31 | cmd | other.js:5:25:5:31 | req.url | other.js:10:29:10:31 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:11:29:11:31 | cmd | other.js:5:25:5:31 | req.url | other.js:11:29:11:31 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:12:27:12:29 | cmd | other.js:5:25:5:31 | req.url | other.js:12:27:12:29 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:14:28:14:30 | cmd | other.js:5:25:5:31 | req.url | other.js:14:28:14:30 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:15:34:15:36 | cmd | other.js:5:25:5:31 | req.url | other.js:15:34:15:36 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:16:21:16:23 | cmd | other.js:5:25:5:31 | req.url | other.js:16:21:16:23 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:17:27:17:29 | cmd | other.js:5:25:5:31 | req.url | other.js:17:27:17:29 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:18:22:18:24 | cmd | other.js:5:25:5:31 | req.url | other.js:18:22:18:24 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:19:36:19:38 | cmd | other.js:5:25:5:31 | req.url | other.js:19:36:19:38 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:22:21:22:23 | cmd | other.js:5:25:5:31 | req.url | other.js:22:21:22:23 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:23:28:23:30 | cmd | other.js:5:25:5:31 | req.url | other.js:23:28:23:30 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:26:34:26:36 | cmd | other.js:5:25:5:31 | req.url | other.js:26:34:26:36 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:28:27:28:29 | cmd | other.js:5:25:5:31 | req.url | other.js:28:27:28:29 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:30:33:30:35 | cmd | other.js:5:25:5:31 | req.url | other.js:30:33:30:35 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:34:44:34:46 | cmd | other.js:5:25:5:31 | req.url | other.js:34:44:34:46 | cmd | Command line depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| third-party-command-injection.js:6:21:6:27 | command | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | Command line depends on $@. | third-party-command-injection.js:5:20:5:26 | command | a user-provided value |
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:19:17:19:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:19:17:19:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:20:21:20:23 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:20:21:20:23 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:21:14:21:16 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:21:14:21:16 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:22:18:22:20 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:22:18:22:20 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:23:13:23:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:23:13:23:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:39:5:39:31 | cp.spaw ... cmd ]) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:39:26:39:28 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:44:5:44:34 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:54:5:54:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:54:56:56 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:49 | url.par ... ry.path | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value |
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value |
| exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value |
| exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value |
| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value |
| form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value |
| form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value |
| form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value |
| form-parsers.js:36:10:36:31 | "touch ... ds.name | form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:35:25:35:30 | fields | user-provided value |
| form-parsers.js:41:10:41:31 | "touch ... ds.name | form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:40:26:40:31 | fields | user-provided value |
| form-parsers.js:53:10:53:31 | "touch ... ds.name | form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:52:34:52:39 | fields | user-provided value |
| form-parsers.js:59:10:59:33 | "touch ... ilename | form-parsers.js:58:30:58:33 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | This command line depends on a $@. | form-parsers.js:58:30:58:33 | part | user-provided value |
| other.js:7:33:7:35 | cmd | other.js:5:25:5:31 | req.url | other.js:7:33:7:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:8:28:8:30 | cmd | other.js:5:25:5:31 | req.url | other.js:8:28:8:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:9:32:9:34 | cmd | other.js:5:25:5:31 | req.url | other.js:9:32:9:34 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:10:29:10:31 | cmd | other.js:5:25:5:31 | req.url | other.js:10:29:10:31 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:11:29:11:31 | cmd | other.js:5:25:5:31 | req.url | other.js:11:29:11:31 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:12:27:12:29 | cmd | other.js:5:25:5:31 | req.url | other.js:12:27:12:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:14:28:14:30 | cmd | other.js:5:25:5:31 | req.url | other.js:14:28:14:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:15:34:15:36 | cmd | other.js:5:25:5:31 | req.url | other.js:15:34:15:36 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:16:21:16:23 | cmd | other.js:5:25:5:31 | req.url | other.js:16:21:16:23 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:17:27:17:29 | cmd | other.js:5:25:5:31 | req.url | other.js:17:27:17:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:18:22:18:24 | cmd | other.js:5:25:5:31 | req.url | other.js:18:22:18:24 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:19:36:19:38 | cmd | other.js:5:25:5:31 | req.url | other.js:19:36:19:38 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:22:21:22:23 | cmd | other.js:5:25:5:31 | req.url | other.js:22:21:22:23 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:23:28:23:30 | cmd | other.js:5:25:5:31 | req.url | other.js:23:28:23:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:26:34:26:36 | cmd | other.js:5:25:5:31 | req.url | other.js:26:34:26:36 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:28:27:28:29 | cmd | other.js:5:25:5:31 | req.url | other.js:28:27:28:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:30:33:30:35 | cmd | other.js:5:25:5:31 | req.url | other.js:30:33:30:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| other.js:34:44:34:46 | cmd | other.js:5:25:5:31 | req.url | other.js:34:44:34:46 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
| third-party-command-injection.js:6:21:6:27 | command | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | This command line depends on a $@. | third-party-command-injection.js:5:20:5:26 | command | user-provided value |

0
javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.qlref → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.qlref
View File

0
javascript/ql/test/query-tests/Security/CWE-078/child_process-test.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/exec-sh.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/exec-sh2.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/execSeries.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execSeries.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/form-parsers.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/form-parsers.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/other.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/other.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/third-party-command-injection.js → javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/third-party-command-injection.js
View File

1
javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql
View File

@@ -4,6 +4,7 @@ import semmle.javascript.security.dataflow.CommandInjection
import semmle.javascript.security.dataflow.IndirectCommandInjection
import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironment
import semmle.javascript.security.dataflow.UnsafeShellCommandConstruction
import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery
class CommandInjectionConsistency extends ConsistencyConfiguration {
CommandInjectionConsistency() { this = "ComandInjection" }

0
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection.expected → javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
View File

0
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection.qlref → javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.qlref
View File

0
javascript/ql/test/query-tests/Security/CWE-078/command-line-parameter-command-injection.js → javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js
View File

58
javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected Normal file
View File

@@ -0,0 +1,58 @@
nodes
| second-order.js:6:9:6:33 | remote |
| second-order.js:6:18:6:33 | req.query.remote |
| second-order.js:6:18:6:33 | req.query.remote |
| second-order.js:7:33:7:38 | remote |
| second-order.js:7:33:7:38 | remote |
| second-order.js:9:29:9:34 | remote |
| second-order.js:9:29:9:34 | remote |
| second-order.js:11:33:11:38 | remote |
| second-order.js:11:33:11:38 | remote |
| second-order.js:13:9:13:31 | myArgs |
| second-order.js:13:18:13:31 | req.query.args |
| second-order.js:13:18:13:31 | req.query.args |
| second-order.js:15:19:15:24 | myArgs |
| second-order.js:15:19:15:24 | myArgs |
| second-order.js:26:35:26:40 | remote |
| second-order.js:26:35:26:40 | remote |
| second-order.js:29:19:29:32 | req.query.args |
| second-order.js:29:19:29:32 | req.query.args |
| second-order.js:29:19:29:32 | req.query.args |
| second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:44:18:44:31 | req.query.args |
| second-order.js:44:18:44:31 | req.query.args |
| second-order.js:44:18:44:31 | req.query.args |
edges
| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote |
| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote |
| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote |
| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs |
| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs |
| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs |
| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs |
| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args |
| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args |
#select
| second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value |
| second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value |
| second-order.js:11:33:11:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:11:33:11:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value |
| second-order.js:15:19:15:24 | myArgs | second-order.js:13:18:13:31 | req.query.args | second-order.js:15:19:15:24 | myArgs | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:13:18:13:31 | req.query.args | a user-provided value |
| second-order.js:26:35:26:40 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:26:35:26:40 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value |
| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:29:19:29:32 | req.query.args | a user-provided value |
| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.<alias>=<command> is used with hg. | second-order.js:40:28:40:43 | req.query.remote | a user-provided value |
| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.<alias>=<command> is used with hg. | second-order.js:42:31:42:46 | req.query.remote | a user-provided value |
| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.<alias>=<command> is used with hg. | second-order.js:44:18:44:31 | req.query.args | a user-provided value |

1
javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-078/SecondOrderCommandInjection.ql

53
javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/second-order.js Normal file
View File

@@ -0,0 +1,53 @@
const express = require("express");
const app = express();
const { execFile } = require("child_process");
app.get("/", (req, res) => {
const remote = req.query.remote;
execFile("git", ["ls-remote", remote]); // NOT OK
execFile("git", ["fetch", remote]); // NOT OK
indirect("git", ["ls-remote", remote]); // NOT OK
const myArgs = req.query.args;
execFile("git", myArgs); // NOT OK
if (remote.startsWith("--")) {
execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it is very explicit that options that allowed here.
} else {
execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it's not an option
}
if (remote.startsWith("git@")) {
execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it's a git URL
} else {
execFile("git", ["ls-remote", remote, "HEAD"]); // NOT OK - unknown starting string
}
execFile("git", req.query.args); // NOT OK - unknown args
execFile("git", ["add", req.query.args]); // OK - git add is not a command that can be used to execute arbitrary code
execFile("git", ["add", req.query.remote].concat([otherargs()])); // OK - git add is not a command that can be used to execute arbitrary code
execFile("git", ["ls-remote", req.query.remote].concat(req.query.otherArgs)); // NOT OK - but not found [INCONSISTENCY]. It's hard to track through concat.
execFile("git", ["add", "fpp"].concat(req.query.notVulnerable)); // OK
// hg
execFile("hg", ["clone", req.query.remote]); // NOT OK
execFile("hg", ["whatever", req.query.remote]); // NOT OK - `--config=alias.whatever=touch pwned`
execFile("hg", req.query.args); // NOT OK - unknown args
execFile("hg", ["clone", "--", req.query.remote]); // OK
});
function indirect(cmd, args) {
execFile(cmd, args); // - OK - ish, the vulnerability not reported here
}
app.listen(3000, () => console.log("Example app listening on port 3000!"));

0
javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment.expected → javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected
View File

0
javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment.qlref → javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.qlref
View File

0
javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js → javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js
View File

174
javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction.expected → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
View File

@@ -673,90 +673,90 @@ edges
| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name |
| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name |
#select
| lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | $@ which depends on $@ is later used in $@. | lib/isImported.js:6:10:6:25 | "rm -rf " + name | String concatenation | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | a shell command |
| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/lib2.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/lib2.js:8:10:8:25 | "rm -rf " + name | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | $@ which depends on $@ is later used in $@. | lib/lib2.js:8:10:8:25 | "rm -rf " + name | String concatenation | lib/lib2.js:7:32:7:35 | name | library input | lib/lib2.js:8:2:8:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:4:10:4:25 | "rm -rf " + name | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/lib.js:3:28:3:31 | name | library input | lib/lib.js:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:11:10:11:25 | "rm -rf " + name | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:11:10:11:25 | "rm -rf " + name | String concatenation | lib/lib.js:10:32:10:35 | name | library input | lib/lib.js:11:2:11:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:15:10:15:25 | "rm -rf " + name | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:15:10:15:25 | "rm -rf " + name | String concatenation | lib/lib.js:14:36:14:39 | name | library input | lib/lib.js:15:2:15:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:20:10:20:25 | "rm -rf " + name | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:20:10:20:25 | "rm -rf " + name | String concatenation | lib/lib.js:19:34:19:37 | name | library input | lib/lib.js:20:2:20:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:27:10:27:25 | "rm -rf " + name | lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:27:10:27:25 | "rm -rf " + name | String concatenation | lib/lib.js:26:35:26:38 | name | library input | lib/lib.js:27:2:27:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:35:11:35:26 | "rm -rf " + name | lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:35:11:35:26 | "rm -rf " + name | String concatenation | lib/lib.js:34:14:34:17 | name | library input | lib/lib.js:35:3:35:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:38:11:38:26 | "rm -rf " + name | lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:38:11:38:26 | "rm -rf " + name | String concatenation | lib/lib.js:37:13:37:16 | name | library input | lib/lib.js:38:3:38:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:41:11:41:26 | "rm -rf " + name | lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:41:11:41:26 | "rm -rf " + name | String concatenation | lib/lib.js:40:6:40:9 | name | library input | lib/lib.js:41:3:41:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:50:35:50:50 | "rm -rf " + name | lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:50:35:50:50 | "rm -rf " + name | String concatenation | lib/lib.js:49:31:49:34 | name | library input | lib/lib.js:50:2:50:51 | require ... + name) | a shell command |
| lib/lib.js:54:13:54:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:54:13:54:28 | "rm -rf " + name | String concatenation | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:55:2:55:14 | cp.exec(cmd1) | a shell command |
| lib/lib.js:57:13:57:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:57:13:57:28 | "rm -rf " + name | String concatenation | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:59:3:59:14 | cp.exec(cmd) | a shell command |
| lib/lib.js:65:10:65:25 | "rm -rf " + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:65:10:65:25 | "rm -rf " + name | String concatenation | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:65:2:65:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:71:10:71:31 | "cat /f ... + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:71:10:71:31 | "cat /f ... + name | String concatenation | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:71:2:71:32 | cp.exec ... + name) | a shell command |
| lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | String concatenation | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | a shell command |
| lib/lib.js:75:10:75:29 | "cat '" + name + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:75:10:75:29 | "cat '" + name + "'" | String concatenation | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:75:2:75:30 | cp.exec ... + "'") | a shell command |
| lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | String concatenation | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:77:2:77:38 | cp.exec ... + "'") | a shell command |
| lib/lib.js:83:10:83:25 | "rm -rf " + name | lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:83:10:83:25 | "rm -rf " + name | String concatenation | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:83:2:83:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:86:13:86:16 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:86:13:86:16 | name | Array element | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:87:2:87:25 | cp.exec ... n(" ")) | a shell command |
| lib/lib.js:89:21:89:24 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:89:21:89:24 | name | Array element | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:89:2:89:36 | cp.exec ... n(" ")) | a shell command |
| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | lib/lib.js:82:35:82:38 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | $@ which depends on $@ is later used in $@. | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | Array element | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:91:2:91:50 | cp.exec ... n(" ")) | a shell command |
| lib/lib.js:98:35:98:38 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:98:35:98:38 | name | Formatted string | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:98:2:98:40 | cp.exec ... name)) | a shell command |
| lib/lib.js:100:37:100:40 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:100:37:100:40 | name | Formatted string | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:100:2:100:42 | cp.exec ... name)) | a shell command |
| lib/lib.js:102:46:102:49 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:102:46:102:49 | name | Formatted string | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:102:2:102:51 | cp.exec ... name)) | a shell command |
| lib/lib.js:108:41:108:44 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:108:41:108:44 | name | Formatted string | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:108:2:108:46 | cp.exec ... name)) | a shell command |
| lib/lib.js:112:10:112:25 | "rm -rf " + name | lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:112:10:112:25 | "rm -rf " + name | String concatenation | lib/lib.js:111:34:111:37 | name | library input | lib/lib.js:112:2:112:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:121:10:121:25 | "rm -rf " + name | lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:121:10:121:25 | "rm -rf " + name | String concatenation | lib/lib.js:120:33:120:36 | name | library input | lib/lib.js:121:2:121:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:131:11:131:26 | "rm -rf " + name | lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:131:11:131:26 | "rm -rf " + name | String concatenation | lib/lib.js:130:6:130:9 | name | library input | lib/lib.js:131:3:131:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:149:12:149:27 | "rm -rf " + name | lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:149:12:149:27 | "rm -rf " + name | String concatenation | lib/lib.js:148:37:148:40 | name | library input | lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | a shell command |
| lib/lib.js:161:13:161:28 | "rm -rf " + name | lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:161:13:161:28 | "rm -rf " + name | String concatenation | lib/lib.js:155:38:155:41 | name | library input | lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | a shell command |
| lib/lib.js:173:10:173:23 | "fo \| " + name | lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:173:10:173:23 | "fo \| " + name | String concatenation | lib/lib.js:170:41:170:44 | name | library input | lib/lib.js:173:2:173:24 | cp.exec ... + name) | a shell command |
| lib/lib.js:182:10:182:27 | "rm -rf " + broken | lib/lib.js:177:38:177:41 | name | lib/lib.js:182:22:182:27 | broken | $@ which depends on $@ is later used in $@. | lib/lib.js:182:10:182:27 | "rm -rf " + broken | String concatenation | lib/lib.js:177:38:177:41 | name | library input | lib/lib.js:182:2:182:28 | cp.exec ... broken) | a shell command |
| lib/lib.js:187:10:187:25 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:187:10:187:25 | "rm -rf " + name | String concatenation | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:187:2:187:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:190:11:190:26 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:190:11:190:26 | "rm -rf " + name | String concatenation | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:190:3:190:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:197:10:197:25 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:197:10:197:25 | "rm -rf " + name | String concatenation | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:197:2:197:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:200:11:200:26 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:200:11:200:26 | "rm -rf " + name | String concatenation | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:200:3:200:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:207:10:207:25 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:207:10:207:25 | "rm -rf " + name | String concatenation | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:207:2:207:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:212:11:212:26 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:212:11:212:26 | "rm -rf " + name | String concatenation | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:212:3:212:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:217:10:217:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:217:10:217:25 | "rm -rf " + name | String concatenation | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:217:2:217:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:220:11:220:26 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:220:11:220:26 | "rm -rf " + name | String concatenation | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:220:3:220:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:224:10:224:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:224:10:224:25 | "rm -rf " + name | String concatenation | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:224:2:224:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:228:10:228:25 | "rm -rf " + name | String concatenation | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:236:10:236:25 | "rm -rf " + name | String concatenation | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:249:10:249:25 | "rm -rf " + name | String concatenation | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:258:10:258:25 | "rm -rf " + name | String concatenation | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:261:11:261:33 | "rm -rf ... + name | String concatenation | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | a shell command |
| lib/lib.js:268:10:268:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | $@ which depends on $@ is later used in $@. | lib/lib.js:268:10:268:32 | "rm -rf ... version | String concatenation | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | a shell command |
| lib/lib.js:277:11:277:30 | "rm -rf " + opts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:30 | opts.bla | $@ which depends on $@ is later used in $@. | lib/lib.js:277:11:277:30 | "rm -rf " + opts.bla | String concatenation | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:277:3:277:31 | cp.exec ... ts.bla) | a shell command |
| lib/lib.js:281:11:281:35 | "rm -rf ... pts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:281:23:281:35 | this.opts.bla | $@ which depends on $@ is later used in $@. | lib/lib.js:281:11:281:35 | "rm -rf ... pts.bla | String concatenation | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:281:3:281:36 | cp.exec ... ts.bla) | a shell command |
| lib/lib.js:308:11:308:26 | "rm -rf " + name | lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:308:11:308:26 | "rm -rf " + name | String concatenation | lib/lib.js:307:39:307:42 | name | library input | lib/lib.js:308:3:308:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:315:10:315:25 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:315:10:315:25 | "rm -rf " + name | String concatenation | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:315:2:315:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:320:11:320:26 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:320:11:320:26 | "rm -rf " + name | String concatenation | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:320:3:320:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | $@ which depends on $@ is later used in $@. | lib/lib.js:325:12:325:51 | "MyWind ... " + arg | String concatenation | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | a shell command |
| lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | $@ which depends on $@ is later used in $@. | lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | String concatenation | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | a shell command |
| lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | $@ which depends on $@ is later used in $@. | lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | String concatenation | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | a shell command |
| lib/lib.js:366:17:366:56 | "learn ... + model | lib/lib.js:360:20:360:23 | opts | lib/lib.js:366:28:366:42 | this.learn_args | $@ which depends on $@ is later used in $@. | lib/lib.js:366:17:366:56 | "learn ... + model | String concatenation | lib/lib.js:360:20:360:23 | opts | library input | lib/lib.js:367:3:367:18 | cp.exec(command) | a shell command |
| lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:406:10:406:25 | "rm -rf " + name | String concatenation | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:415:10:415:25 | "rm -rf " + name | String concatenation | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:417:28:417:31 | name | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | a shell command |
| lib/lib.js:418:25:418:28 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:418:25:418:28 | name | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:418:2:418:45 | cp.spaw ... true}) | a shell command |
| lib/lib.js:419:32:419:35 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:419:32:419:35 | name | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:419:2:419:52 | cp.exec ... true}) | a shell command |
| lib/lib.js:420:29:420:32 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:420:29:420:32 | name | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:420:2:420:49 | cp.spaw ... true}) | a shell command |
| lib/lib.js:424:24:424:27 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:424:24:424:27 | name | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) | a shell command |
| lib/lib.js:426:11:426:14 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:426:11:426:14 | name | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | a shell command |
| lib/lib.js:436:19:436:22 | last | lib/lib.js:414:40:414:43 | name | lib/lib.js:436:19:436:22 | last | $@ which depends on $@ is later used in $@. | lib/lib.js:436:19:436:22 | last | Shell argument | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | a shell command |
| lib/lib.js:442:12:442:27 | "rm -rf " + name | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:442:12:442:27 | "rm -rf " + name | String concatenation | lib/lib.js:441:39:441:42 | name | library input | lib/lib.js:442:2:442:28 | asyncEx ... + name) | a shell command |
| lib/lib.js:447:13:447:28 | "rm -rf " + name | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:447:13:447:28 | "rm -rf " + name | String concatenation | lib/lib.js:446:20:446:23 | name | library input | lib/lib.js:447:3:447:29 | asyncEx ... + name) | a shell command |
| lib/lib.js:478:27:478:46 | config.installedPath | lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:46 | config.installedPath | $@ which depends on $@ is later used in $@. | lib/lib.js:478:27:478:46 | config.installedPath | Path concatenation | lib/lib.js:477:33:477:38 | config | library input | lib/lib.js:479:12:479:20 | exec(cmd) | a shell command |
| lib/lib.js:483:13:483:33 | ' my na ... + name | lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:483:13:483:33 | ' my na ... + name | String concatenation | lib/lib.js:482:40:482:43 | name | library input | lib/lib.js:485:2:485:20 | cp.exec(cmd + args) | a shell command |
| lib/lib.js:499:19:499:34 | "rm -rf " + name | lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:499:19:499:34 | "rm -rf " + name | String concatenation | lib/lib.js:498:45:498:48 | name | library input | lib/lib.js:499:3:499:35 | MyThing ... + name) | a shell command |
| lib/lib.js:510:10:510:25 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:510:10:510:25 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:510:2:510:26 | cp.exec ... + name) | a shell command |
| lib/lib.js:513:11:513:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:513:11:513:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:513:3:513:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:519:11:519:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:519:11:519:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:519:3:519:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:525:11:525:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:525:11:525:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:525:3:525:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:531:11:531:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:531:11:531:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:531:3:531:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:537:11:537:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:537:11:537:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:537:3:537:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:543:11:543:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:543:11:543:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:543:3:543:27 | cp.exec ... + name) | a shell command |
| lib/lib.js:545:11:545:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | $@ which depends on $@ is later used in $@. | lib/lib.js:545:11:545:26 | "rm -rf " + name | String concatenation | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:545:3:545:27 | cp.exec ... + name) | a shell command |
| lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | $@ which depends on $@ is later used in $@. | lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | String concatenation | lib/subLib2/compiled-file.ts:3:26:3:29 | name | library input | lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) | a shell command |
| lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib2/special-file.js:3:28:3:31 | name | library input | lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib3/my-file.ts:3:28:3:31 | name | library input | lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/subsub.js:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib4/index.js:6:32:6:35 | name | library input | lib/subLib4/subsub.js:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib/amdSub.js:3:28:3:31 | name | library input | lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | $@ which depends on $@ is later used in $@. | lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib/index.js:3:28:3:31 | name | library input | lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) | a shell command |
| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | $@ which depends on $@ is later used in $@. | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | String concatenation | lib/subLib/index.js:7:32:7:35 | name | library input | lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) | a shell command |
| lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command |
| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/lib2.js:8:10:8:25 | "rm -rf " + name | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:7:32:7:35 | name | library input | lib/lib2.js:8:2:8:26 | cp.exec ... + name) | shell command |
| lib/lib.js:4:10:4:25 | "rm -rf " + name | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:3:28:3:31 | name | library input | lib/lib.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/lib.js:11:10:11:25 | "rm -rf " + name | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:10:32:10:35 | name | library input | lib/lib.js:11:2:11:26 | cp.exec ... + name) | shell command |
| lib/lib.js:15:10:15:25 | "rm -rf " + name | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:14:36:14:39 | name | library input | lib/lib.js:15:2:15:26 | cp.exec ... + name) | shell command |
| lib/lib.js:20:10:20:25 | "rm -rf " + name | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:19:34:19:37 | name | library input | lib/lib.js:20:2:20:26 | cp.exec ... + name) | shell command |
| lib/lib.js:27:10:27:25 | "rm -rf " + name | lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:26:35:26:38 | name | library input | lib/lib.js:27:2:27:26 | cp.exec ... + name) | shell command |
| lib/lib.js:35:11:35:26 | "rm -rf " + name | lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:34:14:34:17 | name | library input | lib/lib.js:35:3:35:27 | cp.exec ... + name) | shell command |
| lib/lib.js:38:11:38:26 | "rm -rf " + name | lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:37:13:37:16 | name | library input | lib/lib.js:38:3:38:27 | cp.exec ... + name) | shell command |
| lib/lib.js:41:11:41:26 | "rm -rf " + name | lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:40:6:40:9 | name | library input | lib/lib.js:41:3:41:27 | cp.exec ... + name) | shell command |
| lib/lib.js:50:35:50:50 | "rm -rf " + name | lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:49:31:49:34 | name | library input | lib/lib.js:50:2:50:51 | require ... + name) | shell command |
| lib/lib.js:54:13:54:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:55:2:55:14 | cp.exec(cmd1) | shell command |
| lib/lib.js:57:13:57:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:59:3:59:14 | cp.exec(cmd) | shell command |
| lib/lib.js:65:10:65:25 | "rm -rf " + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:65:2:65:26 | cp.exec ... + name) | shell command |
| lib/lib.js:71:10:71:31 | "cat /f ... + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:71:2:71:32 | cp.exec ... + name) | shell command |
| lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | shell command |
| lib/lib.js:75:10:75:29 | "cat '" + name + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:75:2:75:30 | cp.exec ... + "'") | shell command |
| lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:77:2:77:38 | cp.exec ... + "'") | shell command |
| lib/lib.js:83:10:83:25 | "rm -rf " + name | lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:83:2:83:26 | cp.exec ... + name) | shell command |
| lib/lib.js:86:13:86:16 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:87:2:87:25 | cp.exec ... n(" ")) | shell command |
| lib/lib.js:89:21:89:24 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:89:2:89:36 | cp.exec ... n(" ")) | shell command |
| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | lib/lib.js:82:35:82:38 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:91:2:91:50 | cp.exec ... n(" ")) | shell command |
| lib/lib.js:98:35:98:38 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:98:2:98:40 | cp.exec ... name)) | shell command |
| lib/lib.js:100:37:100:40 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:100:2:100:42 | cp.exec ... name)) | shell command |
| lib/lib.js:102:46:102:49 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:102:2:102:51 | cp.exec ... name)) | shell command |
| lib/lib.js:108:41:108:44 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:108:2:108:46 | cp.exec ... name)) | shell command |
| lib/lib.js:112:10:112:25 | "rm -rf " + name | lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:111:34:111:37 | name | library input | lib/lib.js:112:2:112:26 | cp.exec ... + name) | shell command |
| lib/lib.js:121:10:121:25 | "rm -rf " + name | lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:120:33:120:36 | name | library input | lib/lib.js:121:2:121:26 | cp.exec ... + name) | shell command |
| lib/lib.js:131:11:131:26 | "rm -rf " + name | lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:130:6:130:9 | name | library input | lib/lib.js:131:3:131:27 | cp.exec ... + name) | shell command |
| lib/lib.js:149:12:149:27 | "rm -rf " + name | lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:148:37:148:40 | name | library input | lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | shell command |
| lib/lib.js:161:13:161:28 | "rm -rf " + name | lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:155:38:155:41 | name | library input | lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | shell command |
| lib/lib.js:173:10:173:23 | "fo \| " + name | lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:170:41:170:44 | name | library input | lib/lib.js:173:2:173:24 | cp.exec ... + name) | shell command |
| lib/lib.js:182:10:182:27 | "rm -rf " + broken | lib/lib.js:177:38:177:41 | name | lib/lib.js:182:22:182:27 | broken | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:177:38:177:41 | name | library input | lib/lib.js:182:2:182:28 | cp.exec ... broken) | shell command |
| lib/lib.js:187:10:187:25 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:187:2:187:26 | cp.exec ... + name) | shell command |
| lib/lib.js:190:11:190:26 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:190:3:190:27 | cp.exec ... + name) | shell command |
| lib/lib.js:197:10:197:25 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:197:2:197:26 | cp.exec ... + name) | shell command |
| lib/lib.js:200:11:200:26 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:200:3:200:27 | cp.exec ... + name) | shell command |
| lib/lib.js:207:10:207:25 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:207:2:207:26 | cp.exec ... + name) | shell command |
| lib/lib.js:212:11:212:26 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:212:3:212:27 | cp.exec ... + name) | shell command |
| lib/lib.js:217:10:217:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:217:2:217:26 | cp.exec ... + name) | shell command |
| lib/lib.js:220:11:220:26 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:220:3:220:27 | cp.exec ... + name) | shell command |
| lib/lib.js:224:10:224:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:224:2:224:26 | cp.exec ... + name) | shell command |
| lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command |
| lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command |
| lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command |
| lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command |
| lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command |
| lib/lib.js:268:10:268:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command |
| lib/lib.js:277:11:277:30 | "rm -rf " + opts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:30 | opts.bla | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:277:3:277:31 | cp.exec ... ts.bla) | shell command |
| lib/lib.js:281:11:281:35 | "rm -rf ... pts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:281:23:281:35 | this.opts.bla | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:281:3:281:36 | cp.exec ... ts.bla) | shell command |
| lib/lib.js:308:11:308:26 | "rm -rf " + name | lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:307:39:307:42 | name | library input | lib/lib.js:308:3:308:27 | cp.exec ... + name) | shell command |
| lib/lib.js:315:10:315:25 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:315:2:315:26 | cp.exec ... + name) | shell command |
| lib/lib.js:320:11:320:26 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:320:3:320:27 | cp.exec ... + name) | shell command |
| lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | shell command |
| lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | shell command |
| lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | shell command |
| lib/lib.js:366:17:366:56 | "learn ... + model | lib/lib.js:360:20:360:23 | opts | lib/lib.js:366:28:366:42 | this.learn_args | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:360:20:360:23 | opts | library input | lib/lib.js:367:3:367:18 | cp.exec(command) | shell command |
| lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | shell command |
| lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... + name) | shell command |
| lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | shell command |
| lib/lib.js:418:25:418:28 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:418:2:418:45 | cp.spaw ... true}) | shell command |
| lib/lib.js:419:32:419:35 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:419:2:419:52 | cp.exec ... true}) | shell command |
| lib/lib.js:420:29:420:32 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:420:2:420:49 | cp.spaw ... true}) | shell command |
| lib/lib.js:424:24:424:27 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) | shell command |
| lib/lib.js:426:11:426:14 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command |
| lib/lib.js:436:19:436:22 | last | lib/lib.js:414:40:414:43 | name | lib/lib.js:436:19:436:22 | last | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command |
| lib/lib.js:442:12:442:27 | "rm -rf " + name | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:441:39:441:42 | name | library input | lib/lib.js:442:2:442:28 | asyncEx ... + name) | shell command |
| lib/lib.js:447:13:447:28 | "rm -rf " + name | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:446:20:446:23 | name | library input | lib/lib.js:447:3:447:29 | asyncEx ... + name) | shell command |
| lib/lib.js:478:27:478:46 | config.installedPath | lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:46 | config.installedPath | This path concatenation which depends on $@ is later used in a $@. | lib/lib.js:477:33:477:38 | config | library input | lib/lib.js:479:12:479:20 | exec(cmd) | shell command |
| lib/lib.js:483:13:483:33 | ' my na ... + name | lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:482:40:482:43 | name | library input | lib/lib.js:485:2:485:20 | cp.exec(cmd + args) | shell command |
| lib/lib.js:499:19:499:34 | "rm -rf " + name | lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:498:45:498:48 | name | library input | lib/lib.js:499:3:499:35 | MyThing ... + name) | shell command |
| lib/lib.js:510:10:510:25 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:510:2:510:26 | cp.exec ... + name) | shell command |
| lib/lib.js:513:11:513:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:513:3:513:27 | cp.exec ... + name) | shell command |
| lib/lib.js:519:11:519:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:519:3:519:27 | cp.exec ... + name) | shell command |
| lib/lib.js:525:11:525:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:525:3:525:27 | cp.exec ... + name) | shell command |
| lib/lib.js:531:11:531:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:531:3:531:27 | cp.exec ... + name) | shell command |
| lib/lib.js:537:11:537:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:537:3:537:27 | cp.exec ... + name) | shell command |
| lib/lib.js:543:11:543:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:543:3:543:27 | cp.exec ... + name) | shell command |
| lib/lib.js:545:11:545:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:545:3:545:27 | cp.exec ... + name) | shell command |
| lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/compiled-file.ts:3:26:3:29 | name | library input | lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) | shell command |
| lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/special-file.js:3:28:3:31 | name | library input | lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib3/my-file.ts:3:28:3:31 | name | library input | lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/subsub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib4/index.js:6:32:6:35 | name | library input | lib/subLib4/subsub.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/amdSub.js:3:28:3:31 | name | library input | lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:3:28:3:31 | name | library input | lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:7:32:7:35 | name | library input | lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) | shell command |

0
javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction.qlref → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.qlref
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/isImported.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/lib.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/lib2.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib2.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/other.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/other.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/amd.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/amd.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/amdSub.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/amdSub.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/index.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/package.json → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/package.json
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib2/compiled-file.ts → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib2/package.json → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/package.json
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib2/special-file.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/special-file.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib3/my-file.ts → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib3/package.json → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib3/package.json
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib4/index.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/index.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib4/package.json → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/package.json
View File

0
javascript/ql/test/query-tests/Security/CWE-078/lib/subLib4/subsub.js → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/subsub.js
View File

0
javascript/ql/test/query-tests/Security/CWE-078/package.json → javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/package.json
View File

44
javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.expected → javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/UselessUseOfCat.expected
View File

@@ -1,8 +1,4 @@
readFile
| lib/lib.js:71:2:71:32 | cp.exec ... + name) | fs.readFile("/foO/BAR/" + name) |
| lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | fs.readFile(""" + name + """) |
| lib/lib.js:75:2:75:30 | cp.exec ... + "'") | fs.readFile("'" + name + "'") |
| lib/lib.js:77:2:77:38 | cp.exec ... + "'") | fs.readFile("'/foo/bar" + name + "'") |
| uselesscat.js:10:1:10:43 | exec("c ... ut) {}) | fs.readFile("foo/bar", function(err, out) {...}) |
| uselesscat.js:12:1:14:2 | exec("c ... ut);\\n}) | fs.readFile("/proc/" + id + "/status", function(err, out) {...}) |
| uselesscat.js:16:1:16:29 | execSyn ... uinfo') | fs.readFileSync("/proc/cpuinfo") |
@@ -39,31 +35,6 @@ readFile
| uselesscat.js:163:1:163:42 | execmod ... utf8'}) | fs.readFile("foo/bar") |
| uselesscat.js:164:1:164:76 | execmod ... (out)}) | fs.readFile("foo/bar", {encoding: 'utf8'}, (err, out) => {...}) |
syncCommand
| child_process-test.js:9:5:9:22 | cp.execSync("foo") |
| child_process-test.js:11:5:11:26 | cp.exec ... ("foo") |
| child_process-test.js:13:5:13:23 | cp.spawnSync("foo") |
| child_process-test.js:18:5:18:20 | cp.execSync(cmd) |
| child_process-test.js:20:5:20:24 | cp.execFileSync(cmd) |
| child_process-test.js:22:5:22:21 | cp.spawnSync(cmd) |
| command-line-parameter-command-injection.js:11:2:11:21 | cp.execSync(args[0]) |
| command-line-parameter-command-injection.js:12:2:12:33 | cp.exec ... rgs[0]) |
| command-line-parameter-command-injection.js:15:2:15:26 | cp.exec ... rgs[0]) |
| command-line-parameter-command-injection.js:16:2:16:38 | cp.exec ... rgs[0]) |
| command-line-parameter-command-injection.js:19:2:19:18 | cp.execSync(arg0) |
| command-line-parameter-command-injection.js:20:2:20:30 | cp.exec ... + arg0) |
| command-line-parameter-command-injection.js:26:2:26:51 | cp.exec ... tion"`) |
| command-line-parameter-command-injection.js:27:2:27:58 | cp.exec ... tion"`) |
| lib/lib.js:419:2:419:52 | cp.exec ... true}) |
| lib/lib.js:420:2:420:49 | cp.spaw ... true}) |
| other.js:7:5:7:36 | require ... nc(cmd) |
| other.js:9:5:9:35 | require ... nc(cmd) |
| other.js:12:5:12:30 | require ... nc(cmd) |
| other.js:30:5:30:36 | require ... ")(cmd) |
| third-party-command-injection.js:6:9:6:28 | cp.execSync(command) |
| tst_shell-command-injection-from-environment.js:5:2:5:62 | cp.exec ... emp")]) |
| tst_shell-command-injection-from-environment.js:6:2:6:54 | cp.exec ... temp")) |
| tst_shell-command-injection-from-environment.js:9:2:9:58 | execa.s ... temp")) |
| tst_shell-command-injection-from-environment.js:12:2:12:34 | execa.s ... + safe) |
| uselesscat.js:16:1:16:29 | execSyn ... uinfo') |
| uselesscat.js:18:1:18:26 | execSyn ... path}`) |
| uselesscat.js:20:1:20:36 | execSyn ... wc -l') |
@@ -95,21 +66,6 @@ syncCommand
| uselesscat.js:158:16:158:46 | cspawn. ... /bar']) |
| uselesscat.js:159:16:159:68 | cspawn. ... tf8' }) |
options
| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) |
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:67:17:67:20 | args |
| exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:10:50:10:56 | options |
| exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:15:54:15:60 | options |
| lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | lib/lib.js:152:21:152:22 | cb |
| lib/lib.js:159:2:159:23 | cp.spaw ... gs, cb) | lib/lib.js:159:21:159:22 | cb |
| lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | lib/lib.js:166:3:166:22 | { stdio: 'inherit' } |
| lib/lib.js:417:2:417:66 | cp.exec ... => {}) | lib/lib.js:417:35:417:47 | {shell: true} |
| lib/lib.js:418:2:418:45 | cp.spaw ... true}) | lib/lib.js:418:32:418:44 | {shell: true} |
| lib/lib.js:419:2:419:52 | cp.exec ... true}) | lib/lib.js:419:39:419:51 | {shell: true} |
| lib/lib.js:420:2:420:49 | cp.spaw ... true}) | lib/lib.js:420:36:420:48 | {shell: true} |
| lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) | lib/lib.js:424:31:424:39 | SPAWN_OPT |
| lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | lib/lib.js:427:19:427:27 | SPAWN_OPT |
| lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | lib/lib.js:428:61:428:69 | SPAWN_OPT |
| uselesscat.js:28:1:28:39 | execSyn ... 1000}) | uselesscat.js:28:28:28:38 | {uid: 1000} |
| uselesscat.js:30:1:30:64 | exec('c ... t) { }) | uselesscat.js:30:26:30:38 | { cwd: './' } |
| uselesscat.js:34:1:34:54 | execSyn ... utf8'}) | uselesscat.js:34:36:34:53 | {encoding: 'utf8'} |

0
javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.ql → javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/UselessUseOfCat.ql
View File

0
javascript/ql/test/query-tests/Security/CWE-078/uselesscat.js → javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/uselesscat.js
View File

103
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
View File

@@ -431,6 +431,22 @@ nodes
| jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| jquery.js:34:13:34:16 | hash |
| json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") |
| json-stringify.jsx:5:18:5:36 | req.param("locale") |
| json-stringify.jsx:5:18:5:36 | req.param("locale") |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` |
| json-stringify.jsx:11:51:11:56 | locale |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` |
| json-stringify.jsx:19:56:19:61 | locale |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| jwt-server.js:7:9:7:35 | taint |
| jwt-server.js:7:9:7:35 | taint |
| jwt-server.js:7:17:7:35 | req.param("wobble") |
@@ -488,6 +504,38 @@ nodes
| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
| optionalSanitizer.js:45:41:45:46 | target |
| optionalSanitizer.js:45:51:45:56 | target |
| pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:18:5:29 | router.query |
| pages/[id].jsx:5:18:5:29 | router.query |
| pages/[id].jsx:5:18:5:29 | router.query |
| pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:25:11:25:24 | context.params |
| pages/[id].jsx:25:11:25:24 | context.params |
| pages/[id].jsx:25:11:25:24 | context.params |
| pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:26:10:26:22 | context.query |
| pages/[id].jsx:26:10:26:22 | context.query |
| pages/[id].jsx:26:10:26:22 | context.query |
| pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
@@ -1509,6 +1557,24 @@ edges
| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') |
| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
@@ -1570,6 +1636,38 @@ edges
| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target |
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
@@ -2241,6 +2339,8 @@ edges
| jquery.js:27:5:27:25 | hash.re ... #', '') | jquery.js:18:14:18:33 | window.location.hash | jquery.js:27:5:27:25 | hash.re ... #', '') | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value |
| jquery.js:28:5:28:43 | window. ... ?', '') | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | Cross-site scripting vulnerability due to $@. | jquery.js:28:5:28:26 | window. ... .search | user-provided value |
| jquery.js:34:5:34:25 | '<b>' + ... '</b>' | jquery.js:18:14:18:33 | window.location.hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | Cross-site scripting vulnerability due to $@. | json-stringify.jsx:5:18:5:36 | req.param("locale") | user-provided value |
| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | Cross-site scripting vulnerability due to $@. | json-stringify.jsx:5:18:5:36 | req.param("locale") | user-provided value |
| jwt-server.js:11:19:11:29 | decoded.foo | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:11:19:11:29 | decoded.foo | Cross-site scripting vulnerability due to $@. | jwt-server.js:7:17:7:35 | req.param("wobble") | user-provided value |
| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | HTML injection vulnerability due to $@. | nodemailer.js:13:50:13:66 | req.query.message | user-provided value |
| optionalSanitizer.js:6:18:6:23 | target | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:6:18:6:23 | target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value |
@@ -2251,6 +2351,9 @@ edges
| optionalSanitizer.js:39:18:39:25 | tainted3 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:39:18:39:25 | tainted3 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value |
| optionalSanitizer.js:43:18:43:25 | tainted3 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:43:18:43:25 | tainted3 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value |
| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value |
| pages/[id].jsx:10:44:10:45 | id | pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:10:44:10:45 | id | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:5:18:5:29 | router.query | user-provided value |
| pages/[id].jsx:13:44:13:52 | params.id | pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:13:44:13:52 | params.id | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:25:11:25:24 | context.params | user-provided value |
| pages/[id].jsx:16:44:16:51 | params.q | pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:16:44:16:51 | params.q | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:26:10:26:22 | context.query | user-provided value |
| react-native.js:8:18:8:24 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:18:8:24 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react-native.js:9:27:9:33 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:9:27:9:33 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value |

98
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
View File

@@ -431,6 +431,22 @@ nodes
| jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| jquery.js:34:13:34:16 | hash |
| json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") |
| json-stringify.jsx:5:18:5:36 | req.param("locale") |
| json-stringify.jsx:5:18:5:36 | req.param("locale") |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` |
| json-stringify.jsx:11:51:11:56 | locale |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` |
| json-stringify.jsx:19:56:19:61 | locale |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| jwt-server.js:7:9:7:35 | taint |
| jwt-server.js:7:9:7:35 | taint |
| jwt-server.js:7:17:7:35 | req.param("wobble") |
@@ -500,6 +516,38 @@ nodes
| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
| optionalSanitizer.js:45:41:45:46 | target |
| optionalSanitizer.js:45:51:45:56 | target |
| pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:18:5:29 | router.query |
| pages/[id].jsx:5:18:5:29 | router.query |
| pages/[id].jsx:5:18:5:29 | router.query |
| pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:25:11:25:24 | context.params |
| pages/[id].jsx:25:11:25:24 | context.params |
| pages/[id].jsx:25:11:25:24 | context.params |
| pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:26:10:26:22 | context.query |
| pages/[id].jsx:26:10:26:22 | context.query |
| pages/[id].jsx:26:10:26:22 | context.query |
| pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
@@ -1559,6 +1607,24 @@ edges
| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') |
| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
@@ -1632,6 +1698,38 @@ edges
| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target |
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id |
| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id |
| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |

42
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx Normal file
View File

@@ -0,0 +1,42 @@
var express = require("express");
var app = express();
app.get("/some/path", function (req, res) {
const locale = req.param("locale");
const breadcrumbList = [
{
"@type": "ListItem",
position: 1,
item: {
"@id": `https://example.com/some?locale=${locale}`,
name: "Some",
},
},
{
"@type": "ListItem",
position: 2,
item: {
"@id": `https://example.com/some/path?locale=${locale}`,
name: "Path",
},
},
];
const jsonLD = {
"@context": "https://schema.org",
"@type": "BreadcrumbList",
itemListElement: breadcrumbList,
};
<script
type="application/ld+json"
dangerouslySetInnerHTML={{ __html: JSON.stringify(locale) }} // NOT OK
/>;
<script
type="application/ld+json"
dangerouslySetInnerHTML={{ __html: JSON.stringify(jsonLD) }} // NOT OK
/>;
<script
type="application/ld+json"
dangerouslySetInnerHTML={{ __html: JSON.stringify({}) }} // OK
/>;
<script type="application/ld+json">{ JSON.stringify(jsonLD) }</script> // OK
});

14
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/package.json Normal file
View File

@@ -0,0 +1,14 @@
{
"name": "my-app",
"version": "0.1.0",
"scripts": {
"dev": "next dev",
"build": "next build",
"start": "next start"
},
"dependencies": {
"next": "^10.0.0",
"react": "17.0.1",
"react-dom": "17.0.1"
}
}

29
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/pages/[id].jsx Normal file
View File

@@ -0,0 +1,29 @@
import { useRouter } from 'next/router'
export default function Post(params) {
const router = useRouter()
const { id } = router.query
return (
<>
<div
dangerouslySetInnerHTML={{ __html: id }} // NOT OK
/>
<div
dangerouslySetInnerHTML={{ __html: params.id }} // NOT OK
/>
<div
dangerouslySetInnerHTML={{ __html: params.q }} // NOT OK
/>
</>
)
}
export async function getServerSideProps(context) {
return {
props: {
id: context.params.id || "",
q: context.query?.foobar || "",
}
}
}

108
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
View File

@@ -440,57 +440,57 @@ edges
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
#select
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
| ReflectedXss.js:34:12:34:18 | mytable | ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |
| ReflectedXss.js:65:16:65:19 | file | ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:65:16:65:19 | file | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:64:14:64:21 | req.body | user-provided value |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:52 | remark( ... tring() | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:68:33:68:40 | req.body | user-provided value |
| ReflectedXss.js:72:12:72:65 | unified ... oString | ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:65 | unified ... oString | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:72:48:72:55 | req.body | user-provided value |
| ReflectedXss.js:75:14:75:14 | f | ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:75:14:75:14 | f | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:74:20:74:27 | req.body | user-provided value |
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:83:12:83:19 | req.body | user-provided value |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:84:22:84:29 | req.body | user-provided value |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:85:23:85:30 | req.body | user-provided value |
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:97:12:97:19 | req.body | user-provided value |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:98:30:98:37 | req.body | user-provided value |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | user-provided value |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | Cross-site scripting vulnerability due to $@. | ReflectedXssGood3.js:135:15:135:27 | req.params.id | user-provided value |
| etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value |
| formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| live-server.js:6:13:6:50 | `<html> ... /html>` | live-server.js:4:21:4:27 | req.url | live-server.js:6:13:6:50 | `<html> ... /html>` | Cross-site scripting vulnerability due to $@. | live-server.js:4:21:4:27 | req.url | user-provided value |
| live-server.js:12:13:12:50 | `<html> ... /html>` | live-server.js:10:21:10:27 | req.url | live-server.js:12:13:12:50 | `<html> ... /html>` | Cross-site scripting vulnerability due to $@. | live-server.js:10:21:10:27 | req.url | user-provided value |
| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | Cross-site scripting vulnerability due to $@. | pages/Next.jsx:8:13:8:19 | req.url | user-provided value |
| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | Cross-site scripting vulnerability due to $@. | pages/Next.jsx:15:13:15:19 | req.url | user-provided value |
| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | Cross-site scripting vulnerability due to $@. | pages/api/myapi.js:2:14:2:20 | req.url | user-provided value |
| partial.js:10:14:10:18 | x + y | partial.js:13:42:13:48 | req.url | partial.js:10:14:10:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:13:42:13:48 | req.url | user-provided value |
| partial.js:19:14:19:18 | x + y | partial.js:22:51:22:57 | req.url | partial.js:19:14:19:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:22:51:22:57 | req.url | user-provided value |
| partial.js:28:14:28:18 | x + y | partial.js:31:47:31:53 | req.url | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value |
| partial.js:37:14:37:18 | x + y | partial.js:40:43:40:49 | req.url | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value |
| promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
| tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value |
| tst2.js:8:12:8:12 | r | tst2.js:6:12:6:15 | q: r | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value |
| tst2.js:18:12:18:12 | p | tst2.js:14:9:14:9 | p | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:14:9:14:9 | p | user-provided value |
| tst2.js:21:14:21:14 | p | tst2.js:14:9:14:9 | p | tst2.js:21:14:21:14 | p | Cross-site scripting vulnerability due to $@. | tst2.js:14:9:14:9 | p | user-provided value |
| tst2.js:36:12:36:12 | p | tst2.js:30:9:30:9 | p | tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:37:12:37:18 | other.p | tst2.js:30:9:30:9 | p | tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:51:12:51:17 | unsafe | tst2.js:43:9:43:9 | p | tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
| tst2.js:63:12:63:12 | p | tst2.js:57:9:57:9 | p | tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:64:12:64:18 | other.p | tst2.js:57:9:57:9 | p | tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:75:12:75:12 | p | tst2.js:69:9:69:9 | p | tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:76:12:76:18 | other.p | tst2.js:69:9:69:9 | p | tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:88:12:88:12 | p | tst2.js:82:9:82:9 | p | tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst2.js:89:12:89:18 | other.p | tst2.js:82:9:82:9 | p | tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | tst3.js:5:9:5:9 | p | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | tst3.js:11:32:11:39 | reg.body | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
| ReflectedXss.js:34:12:34:18 | mytable | ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |
| ReflectedXss.js:65:16:65:19 | file | ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:65:16:65:19 | file | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:64:14:64:21 | req.body | user-provided value |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:52 | remark( ... tring() | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:68:33:68:40 | req.body | user-provided value |
| ReflectedXss.js:72:12:72:65 | unified ... oString | ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:65 | unified ... oString | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:72:48:72:55 | req.body | user-provided value |
| ReflectedXss.js:75:14:75:14 | f | ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:75:14:75:14 | f | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:74:20:74:27 | req.body | user-provided value |
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:83:12:83:19 | req.body | user-provided value |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:84:22:84:29 | req.body | user-provided value |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:85:23:85:30 | req.body | user-provided value |
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:97:12:97:19 | req.body | user-provided value |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:98:30:98:37 | req.body | user-provided value |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | user-provided value |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | Cross-site scripting vulnerability due to a $@. | ReflectedXssGood3.js:135:15:135:27 | req.params.id | user-provided value |
| etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to a $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value |
| formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| live-server.js:6:13:6:50 | `<html> ... /html>` | live-server.js:4:21:4:27 | req.url | live-server.js:6:13:6:50 | `<html> ... /html>` | Cross-site scripting vulnerability due to a $@. | live-server.js:4:21:4:27 | req.url | user-provided value |
| live-server.js:12:13:12:50 | `<html> ... /html>` | live-server.js:10:21:10:27 | req.url | live-server.js:12:13:12:50 | `<html> ... /html>` | Cross-site scripting vulnerability due to a $@. | live-server.js:10:21:10:27 | req.url | user-provided value |
| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | Cross-site scripting vulnerability due to a $@. | pages/Next.jsx:8:13:8:19 | req.url | user-provided value |
| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | Cross-site scripting vulnerability due to a $@. | pages/Next.jsx:15:13:15:19 | req.url | user-provided value |
| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | Cross-site scripting vulnerability due to a $@. | pages/api/myapi.js:2:14:2:20 | req.url | user-provided value |
| partial.js:10:14:10:18 | x + y | partial.js:13:42:13:48 | req.url | partial.js:10:14:10:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:13:42:13:48 | req.url | user-provided value |
| partial.js:19:14:19:18 | x + y | partial.js:22:51:22:57 | req.url | partial.js:19:14:19:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:22:51:22:57 | req.url | user-provided value |
| partial.js:28:14:28:18 | x + y | partial.js:31:47:31:53 | req.url | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:31:47:31:53 | req.url | user-provided value |
| partial.js:37:14:37:18 | x + y | partial.js:40:43:40:49 | req.url | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:40:43:40:49 | req.url | user-provided value |
| promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to a $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
| tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:6:9:6:9 | p | user-provided value |
| tst2.js:8:12:8:12 | r | tst2.js:6:12:6:15 | q: r | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to a $@. | tst2.js:6:12:6:15 | q: r | user-provided value |
| tst2.js:18:12:18:12 | p | tst2.js:14:9:14:9 | p | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:14:9:14:9 | p | user-provided value |
| tst2.js:21:14:21:14 | p | tst2.js:14:9:14:9 | p | tst2.js:21:14:21:14 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:14:9:14:9 | p | user-provided value |
| tst2.js:36:12:36:12 | p | tst2.js:30:9:30:9 | p | tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:37:12:37:18 | other.p | tst2.js:30:9:30:9 | p | tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to a $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:51:12:51:17 | unsafe | tst2.js:43:9:43:9 | p | tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to a $@. | tst2.js:43:9:43:9 | p | user-provided value |
| tst2.js:63:12:63:12 | p | tst2.js:57:9:57:9 | p | tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:64:12:64:18 | other.p | tst2.js:57:9:57:9 | p | tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to a $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:75:12:75:12 | p | tst2.js:69:9:69:9 | p | tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:76:12:76:18 | other.p | tst2.js:69:9:69:9 | p | tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to a $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:88:12:88:12 | p | tst2.js:82:9:82:9 | p | tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst2.js:89:12:89:18 | other.p | tst2.js:82:9:82:9 | p | tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to a $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | tst3.js:5:9:5:9 | p | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to a $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | tst3.js:11:32:11:39 | reg.body | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to a $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |

44
javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected
View File

@@ -197,25 +197,25 @@ edges
| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s |
| typed.ts:16:15:16:21 | id("x") | typed.ts:16:11:16:21 | s |
#select
| jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | $@ which depends on $@ might later allow $@. | jquery-plugin.js:12:31:12:41 | options.foo | HTML construction | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | cross-site scripting |
| jquery-plugin.js:14:31:14:35 | stuff | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | $@ which depends on $@ might later allow $@. | jquery-plugin.js:14:31:14:35 | stuff | HTML construction | jquery-plugin.js:11:27:11:31 | stuff | library input | jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | cross-site scripting |
| lib2/index.ts:2:29:2:29 | s | lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:29:2:29 | s | $@ which depends on $@ might later allow $@. | lib2/index.ts:2:29:2:29 | s | HTML construction | lib2/index.ts:1:28:1:28 | s | library input | lib2/index.ts:3:49:3:52 | html | cross-site scripting |
| lib/src/MyNode.ts:2:29:2:29 | s | lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | $@ which depends on $@ might later allow $@. | lib/src/MyNode.ts:2:29:2:29 | s | HTML construction | lib/src/MyNode.ts:1:28:1:28 | s | library input | lib/src/MyNode.ts:3:49:3:52 | html | cross-site scripting |
| main.js:2:29:2:29 | s | main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | $@ which depends on $@ might later allow $@. | main.js:2:29:2:29 | s | HTML construction | main.js:1:55:1:55 | s | library input | main.js:3:49:3:52 | html | cross-site scripting |
| main.js:7:49:7:49 | s | main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | $@ which depends on $@ might later allow $@. | main.js:7:49:7:49 | s | XML parsing | main.js:6:49:6:49 | s | library input | main.js:8:48:8:66 | doc.documentElement | cross-site scripting |
| main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | $@ which depends on $@ might later allow $@. | main.js:12:49:12:49 | s | XML parsing | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
| main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | $@ which depends on $@ might later allow $@. | main.js:12:49:12:49 | s | XML parsing | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
| main.js:22:34:22:34 | s | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | $@ which depends on $@ might later allow $@. | main.js:22:34:22:34 | s | Markdown rendering | main.js:21:47:21:47 | s | library input | main.js:23:53:23:56 | html | cross-site scripting |
| main.js:47:65:47:73 | this.step | main.js:52:41:52:41 | s | main.js:47:65:47:73 | this.step | $@ which depends on $@ might later allow $@. | main.js:47:65:47:73 | this.step | HTML construction | main.js:52:41:52:41 | s | library input | main.js:47:54:47:85 | "<span> ... /span>" | cross-site scripting |
| main.js:62:19:62:31 | settings.name | main.js:56:28:56:34 | options | main.js:62:19:62:31 | settings.name | $@ which depends on $@ might later allow $@. | main.js:62:19:62:31 | settings.name | HTML construction | main.js:56:28:56:34 | options | library input | main.js:62:11:62:40 | "<b>" + ... "</b>" | cross-site scripting |
| main.js:67:63:67:69 | attrVal | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | $@ which depends on $@ might later allow $@. | main.js:67:63:67:69 | attrVal | HTML construction | main.js:66:35:66:41 | attrVal | library input | main.js:67:47:67:78 | "<img a ... "\\"/>" | cross-site scripting |
| main.js:81:35:81:37 | val | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | $@ which depends on $@ might later allow $@. | main.js:81:35:81:37 | val | HTML construction | main.js:79:34:79:36 | val | library input | main.js:81:24:81:49 | "<span> ... /span>" | cross-site scripting |
| main.js:90:23:90:23 | x | main.js:93:43:93:43 | x | main.js:90:23:90:23 | x | $@ which depends on $@ might later allow $@. | main.js:90:23:90:23 | x | HTML construction | main.js:93:43:93:43 | x | library input | main.js:94:20:94:32 | createHTML(x) | cross-site scripting |
| main.js:99:28:99:28 | x | main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | $@ which depends on $@ might later allow $@. | main.js:99:28:99:28 | x | Markdown rendering | main.js:98:43:98:43 | x | library input | main.js:100:24:100:26 | svg | cross-site scripting |
| main.js:103:43:103:43 | x | main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | $@ which depends on $@ might later allow $@. | main.js:103:43:103:43 | x | Markdown rendering | main.js:98:43:98:43 | x | library input | main.js:103:20:103:44 | myMerma ... id", x) | cross-site scripting |
| main.js:105:26:105:26 | x | main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | $@ which depends on $@ might later allow $@. | main.js:105:26:105:26 | x | Markdown rendering | main.js:98:43:98:43 | x | library input | main.js:106:24:106:26 | svg | cross-site scripting |
| main.js:109:41:109:41 | x | main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | $@ which depends on $@ might later allow $@. | main.js:109:41:109:41 | x | Markdown rendering | main.js:98:43:98:43 | x | library input | main.js:109:20:109:42 | mermaid ... id", x) | cross-site scripting |
| main.js:111:37:111:37 | x | main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | $@ which depends on $@ might later allow $@. | main.js:111:37:111:37 | x | Markdown rendering | main.js:98:43:98:43 | x | library input | main.js:112:24:112:26 | svg | cross-site scripting |
| main.js:117:34:117:34 | s | main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | $@ which depends on $@ might later allow $@. | main.js:117:34:117:34 | s | Markdown rendering | main.js:116:47:116:47 | s | library input | main.js:118:53:118:56 | html | cross-site scripting |
| typed.ts:2:29:2:29 | s | typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | $@ which depends on $@ might later allow $@. | typed.ts:2:29:2:29 | s | HTML construction | typed.ts:1:39:1:39 | s | library input | typed.ts:3:31:3:34 | html | cross-site scripting |
| typed.ts:8:40:8:40 | s | typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | $@ which depends on $@ might later allow $@. | typed.ts:8:40:8:40 | s | HTML construction | typed.ts:6:43:6:43 | s | library input | typed.ts:8:29:8:52 | "<span> ... /span>" | cross-site scripting |
| jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | cross-site scripting |
| jquery-plugin.js:14:31:14:35 | stuff | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:27:11:31 | stuff | library input | jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | cross-site scripting |
| lib2/index.ts:2:29:2:29 | s | lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:29:2:29 | s | This HTML construction which depends on $@ might later allow $@. | lib2/index.ts:1:28:1:28 | s | library input | lib2/index.ts:3:49:3:52 | html | cross-site scripting |
| lib/src/MyNode.ts:2:29:2:29 | s | lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | This HTML construction which depends on $@ might later allow $@. | lib/src/MyNode.ts:1:28:1:28 | s | library input | lib/src/MyNode.ts:3:49:3:52 | html | cross-site scripting |
| main.js:2:29:2:29 | s | main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | This HTML construction which depends on $@ might later allow $@. | main.js:1:55:1:55 | s | library input | main.js:3:49:3:52 | html | cross-site scripting |
| main.js:7:49:7:49 | s | main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:6:49:6:49 | s | library input | main.js:8:48:8:66 | doc.documentElement | cross-site scripting |
| main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
| main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
| main.js:22:34:22:34 | s | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | This markdown rendering which depends on $@ might later allow $@. | main.js:21:47:21:47 | s | library input | main.js:23:53:23:56 | html | cross-site scripting |
| main.js:47:65:47:73 | this.step | main.js:52:41:52:41 | s | main.js:47:65:47:73 | this.step | This HTML construction which depends on $@ might later allow $@. | main.js:52:41:52:41 | s | library input | main.js:47:54:47:85 | "<span> ... /span>" | cross-site scripting |
| main.js:62:19:62:31 | settings.name | main.js:56:28:56:34 | options | main.js:62:19:62:31 | settings.name | This HTML construction which depends on $@ might later allow $@. | main.js:56:28:56:34 | options | library input | main.js:62:11:62:40 | "<b>" + ... "</b>" | cross-site scripting |
| main.js:67:63:67:69 | attrVal | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | This HTML construction which depends on $@ might later allow $@. | main.js:66:35:66:41 | attrVal | library input | main.js:67:47:67:78 | "<img a ... "\\"/>" | cross-site scripting |
| main.js:81:35:81:37 | val | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | This HTML construction which depends on $@ might later allow $@. | main.js:79:34:79:36 | val | library input | main.js:81:24:81:49 | "<span> ... /span>" | cross-site scripting |
| main.js:90:23:90:23 | x | main.js:93:43:93:43 | x | main.js:90:23:90:23 | x | This HTML construction which depends on $@ might later allow $@. | main.js:93:43:93:43 | x | library input | main.js:94:20:94:32 | createHTML(x) | cross-site scripting |
| main.js:99:28:99:28 | x | main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | This markdown rendering which depends on $@ might later allow $@. | main.js:98:43:98:43 | x | library input | main.js:100:24:100:26 | svg | cross-site scripting |
| main.js:103:43:103:43 | x | main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | This markdown rendering which depends on $@ might later allow $@. | main.js:98:43:98:43 | x | library input | main.js:103:20:103:44 | myMerma ... id", x) | cross-site scripting |
| main.js:105:26:105:26 | x | main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | This markdown rendering which depends on $@ might later allow $@. | main.js:98:43:98:43 | x | library input | main.js:106:24:106:26 | svg | cross-site scripting |
| main.js:109:41:109:41 | x | main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | This markdown rendering which depends on $@ might later allow $@. | main.js:98:43:98:43 | x | library input | main.js:109:20:109:42 | mermaid ... id", x) | cross-site scripting |
| main.js:111:37:111:37 | x | main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | This markdown rendering which depends on $@ might later allow $@. | main.js:98:43:98:43 | x | library input | main.js:112:24:112:26 | svg | cross-site scripting |
| main.js:117:34:117:34 | s | main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | This markdown rendering which depends on $@ might later allow $@. | main.js:116:47:116:47 | s | library input | main.js:118:53:118:56 | html | cross-site scripting |
| typed.ts:2:29:2:29 | s | typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | This HTML construction which depends on $@ might later allow $@. | typed.ts:1:39:1:39 | s | library input | typed.ts:3:31:3:34 | html | cross-site scripting |
| typed.ts:8:40:8:40 | s | typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | This HTML construction which depends on $@ might later allow $@. | typed.ts:6:43:6:43 | s | library input | typed.ts:8:29:8:52 | "<span> ... /span>" | cross-site scripting |

6
javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected
View File

@@ -37,6 +37,6 @@ edges
| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
#select
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |
| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query depends on $@. | typedClient.ts:21:22:21:29 | req.body | a user-provided value |
| typedClient.ts:23:27:23:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:23:27:23:35 | { id: v } | This query depends on $@. | typedClient.ts:21:22:21:29 | req.body | a user-provided value |
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value |
| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value |
| typedClient.ts:23:27:23:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:23:27:23:35 | { id: v } | This query depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value |

4
javascript/ql/test/query-tests/Security/CWE-089/untyped/DatabaseAccesses.expected
View File

@@ -6,8 +6,8 @@
| json-schema-validator.js:55:13:55:27 | doc.find(query) |
| json-schema-validator.js:59:13:59:27 | doc.find(query) |
| json-schema-validator.js:61:13:61:27 | doc.find(query) |
| marsdb-flow-to.js:14:3:14:22 | db.myDoc.find(query) |
| marsdb.js:16:3:16:17 | doc.find(query) |
| marsdb-flow-to.js:14:3:14:41 | db.myDo ... => {}) |
| marsdb.js:16:3:16:36 | doc.fin ... => {}) |
| minimongo.js:18:3:18:17 | doc.find(query) |
| mongodb.js:18:7:18:21 | doc.find(query) |
| mongodb.js:21:7:21:48 | doc.fin ... itle }) |

248
javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
View File

@@ -913,127 +913,127 @@ edges
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
#select
| graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query depends on $@. | graphql.js:8:16:8:28 | req.params.id | a user-provided value |
| graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query depends on $@. | graphql.js:26:16:26:28 | req.params.id | a user-provided value |
| graphql.js:30:32:30:42 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:30:32:30:42 | `foo ${id}` | This query depends on $@. | graphql.js:26:16:26:28 | req.params.id | a user-provided value |
| graphql.js:33:18:33:28 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:33:18:33:28 | `foo ${id}` | This query depends on $@. | graphql.js:26:16:26:28 | req.params.id | a user-provided value |
| graphql.js:44:14:44:24 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:44:14:44:24 | `foo ${id}` | This query depends on $@. | graphql.js:39:16:39:28 | req.params.id | a user-provided value |
| graphql.js:48:44:48:54 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:48:44:48:54 | `foo ${id}` | This query depends on $@. | graphql.js:39:16:39:28 | req.params.id | a user-provided value |
| graphql.js:56:39:56:49 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:56:39:56:49 | `foo ${id}` | This query depends on $@. | graphql.js:55:16:55:28 | req.params.id | a user-provided value |
| graphql.js:58:66:58:76 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:58:66:58:76 | `foo ${id}` | This query depends on $@. | graphql.js:55:16:55:28 | req.params.id | a user-provided value |
| graphql.js:75:46:75:64 | "{ foo" + id + " }" | graphql.js:74:14:74:25 | req.query.id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | This query depends on $@. | graphql.js:74:14:74:25 | req.query.id | a user-provided value |
| graphql.js:84:14:90:8 | `{\\n ... }` | graphql.js:74:14:74:25 | req.query.id | graphql.js:84:14:90:8 | `{\\n ... }` | This query depends on $@. | graphql.js:74:14:74:25 | req.query.id | a user-provided value |
| graphql.js:120:38:120:48 | `foo ${id}` | graphql.js:119:16:119:28 | req.params.id | graphql.js:120:38:120:48 | `foo ${id}` | This query depends on $@. | graphql.js:119:16:119:28 | req.params.id | a user-provided value |
| json-schema-validator.js:33:22:33:26 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:33:22:33:26 | query | This query depends on $@. | json-schema-validator.js:25:34:25:47 | req.query.data | a user-provided value |
| json-schema-validator.js:35:18:35:22 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:35:18:35:22 | query | This query depends on $@. | json-schema-validator.js:25:34:25:47 | req.query.data | a user-provided value |
| json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query depends on $@. | json-schema-validator.js:50:34:50:47 | req.query.data | a user-provided value |
| json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query depends on $@. | json-schema-validator.js:50:34:50:47 | req.query.data | a user-provided value |
| json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query depends on $@. | json-schema-validator.js:50:34:50:47 | req.query.data | a user-provided value |
| ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query depends on $@. | ldap.js:20:21:20:27 | req.url | a user-provided value |
| ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query depends on $@. | ldap.js:20:21:20:27 | req.url | a user-provided value |
| ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query depends on $@. | ldap.js:20:21:20:27 | req.url | a user-provided value |
| ldap.js:68:27:68:42 | `cn=${username}` | ldap.js:20:21:20:27 | req.url | ldap.js:68:27:68:42 | `cn=${username}` | This query depends on $@. | ldap.js:20:21:20:27 | req.url | a user-provided value |
| marsdb-flow-to.js:14:17:14:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:14:17:14:21 | query | This query depends on $@. | marsdb-flow-to.js:11:17:11:24 | req.body | a user-provided value |
| marsdb.js:16:12:16:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:16:12:16:16 | query | This query depends on $@. | marsdb.js:13:17:13:24 | req.body | a user-provided value |
| minimongo.js:18:12:18:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:18:12:18:16 | query | This query depends on $@. | minimongo.js:15:17:15:24 | req.body | a user-provided value |
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |
| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on $@. | mongodb.js:26:19:26:26 | req.body | a user-provided value |
| mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query depends on $@. | mongodb.js:49:19:49:33 | req.query.title | a user-provided value |
| mongodb.js:65:12:65:16 | query | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | This query depends on $@. | mongodb.js:60:16:60:30 | req.query.title | a user-provided value |
| mongodb.js:77:14:77:26 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:77:14:77:26 | { tags: tag } | This query depends on $@. | mongodb.js:70:13:70:25 | req.query.tag | a user-provided value |
| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query depends on $@. | mongodb.js:70:13:70:25 | req.query.tag | a user-provided value |
| mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query depends on $@. | mongodb.js:107:17:107:29 | queries.title | a user-provided value |
| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query depends on $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | a user-provided value |
| mongoose.js:24:24:24:30 | [query] | mongoose.js:21:19:21:26 | req.body | mongoose.js:24:24:24:30 | [query] | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:63:21:63:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:21:63:25 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:65:32:65:36 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:65:32:65:36 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:67:27:67:31 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:67:27:67:31 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:68:8:68:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:68:8:68:12 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:71:20:71:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:71:20:71:24 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:72:16:72:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:72:16:72:20 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:73:8:73:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:73:8:73:12 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:74:7:74:11 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:74:7:74:11 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:75:16:75:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:75:16:75:20 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:77:10:77:14 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:77:10:77:14 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:82:46:82:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:82:46:82:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:83:47:83:51 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:83:47:83:51 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:85:46:85:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:85:46:85:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:87:51:87:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:87:51:87:55 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:89:46:89:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:89:46:89:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:92:46:92:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:92:46:92:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:94:51:94:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:94:51:94:55 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:96:46:96:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:96:46:96:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:111:14:111:18 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:111:14:111:18 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:113:31:113:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:113:31:113:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:119:18:119:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:119:18:119:21 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:120:22:120:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:120:22:120:25 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:121:16:121:19 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:121:16:121:19 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:122:19:122:22 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:122:19:122:22 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:123:20:123:21 | id | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:123:20:123:21 | id | This query depends on $@. | mongoose.js:115:11:115:22 | req.query.id | a user-provided value |
| mongoose.js:124:28:124:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:124:28:124:31 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:125:28:125:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:125:28:125:31 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:126:28:126:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:126:28:126:31 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:127:18:127:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:127:18:127:21 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
| mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query depends on $@. | mongoose.js:115:11:115:22 | req.query.id | a user-provided value |
| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query depends on $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | a user-provided value |
| mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query depends on $@. | mongooseModelClient.js:10:22:10:29 | req.body | a user-provided value |
| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query depends on $@. | mongooseModelClient.js:12:22:12:29 | req.body | a user-provided value |
| mysql.js:15:18:15:65 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:15:18:15:65 | 'SELECT ... + temp | This query depends on $@. | mysql.js:6:16:6:31 | req.params.value | a user-provided value |
| mysql.js:19:26:19:73 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:19:26:19:73 | 'SELECT ... + temp | This query depends on $@. | mysql.js:6:16:6:31 | req.params.value | a user-provided value |
| pg-promise-types.ts:8:17:8:21 | taint | pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:8:17:8:21 | taint | This query depends on $@. | pg-promise-types.ts:7:17:7:28 | req.params.x | a user-provided value |
| pg-promise.js:9:10:9:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:9:10:9:14 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:10:11:10:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:10:11:10:15 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:11:17:11:21 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:11:17:11:21 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:12:10:12:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:12:10:12:14 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:13:12:13:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:13:12:13:16 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:14:18:14:22 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:14:18:14:22 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:15:11:15:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:15:11:15:15 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:16:10:16:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:16:10:16:14 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:17:16:17:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:17:16:17:20 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:18:12:18:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:18:12:18:16 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:19:13:19:17 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:19:13:19:17 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:22:11:22:15 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | This query depends on $@. | pg-promise.js:30:13:30:25 | req.params.id | a user-provided value |
| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | This query depends on $@. | pg-promise.js:34:13:34:25 | req.params.id | a user-provided value |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on $@. | pg-promise.js:39:7:39:19 | req.params.id | a user-provided value |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on $@. | pg-promise.js:40:7:40:21 | req.params.name | a user-provided value |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on $@. | pg-promise.js:41:7:41:20 | req.params.foo | a user-provided value |
| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | This query depends on $@. | pg-promise.js:39:7:39:19 | req.params.id | a user-provided value |
| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | This query depends on $@. | pg-promise.js:40:7:40:21 | req.params.name | a user-provided value |
| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | This query depends on $@. | pg-promise.js:47:11:47:23 | req.params.id | a user-provided value |
| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | This query depends on $@. | pg-promise.js:54:11:54:23 | req.params.id | a user-provided value |
| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | This query depends on $@. | pg-promise.js:56:14:56:29 | req.params.title | a user-provided value |
| pg-promise.js:60:20:60:24 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:60:20:60:24 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:63:23:63:27 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:63:23:63:27 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| pg-promise.js:64:16:64:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:64:16:64:20 | query | This query depends on $@. | pg-promise.js:7:16:7:34 | req.params.category | a user-provided value |
| redis.js:10:16:10:27 | req.body.key | redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | This query depends on $@. | redis.js:10:16:10:23 | req.body | a user-provided value |
| redis.js:18:16:18:18 | key | redis.js:12:15:12:22 | req.body | redis.js:18:16:18:18 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
| redis.js:19:43:19:45 | key | redis.js:12:15:12:22 | req.body | redis.js:19:43:19:45 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
| redis.js:25:14:25:16 | key | redis.js:12:15:12:22 | req.body | redis.js:25:14:25:16 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
| redis.js:30:23:30:25 | key | redis.js:12:15:12:22 | req.body | redis.js:30:23:30:25 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
| redis.js:32:28:32:30 | key | redis.js:12:15:12:22 | req.body | redis.js:32:28:32:30 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
| redis.js:39:16:39:18 | key | redis.js:38:17:38:24 | req.body | redis.js:39:16:39:18 | key | This query depends on $@. | redis.js:38:17:38:24 | req.body | a user-provided value |
| redis.js:43:27:43:29 | key | redis.js:38:17:38:24 | req.body | redis.js:43:27:43:29 | key | This query depends on $@. | redis.js:38:17:38:24 | req.body | a user-provided value |
| redis.js:46:34:46:36 | key | redis.js:38:17:38:24 | req.body | redis.js:46:34:46:36 | key | This query depends on $@. | redis.js:38:17:38:24 | req.body | a user-provided value |
| socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query depends on $@. | socketio.js:10:25:10:30 | handle | a user-provided value |
| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query depends on $@. | tst2.js:9:66:9:78 | req.params.id | a user-provided value |
| tst3.js:9:14:9:19 | query1 | tst3.js:8:16:8:34 | req.params.category | tst3.js:9:14:9:19 | query1 | This query depends on $@. | tst3.js:8:16:8:34 | req.params.category | a user-provided value |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on $@. | tst4.js:8:46:8:60 | $routeParams.id | a user-provided value |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on $@. | tst.js:10:46:10:58 | req.params.id | a user-provided value |
| graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value |
| graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value |
| graphql.js:30:32:30:42 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:30:32:30:42 | `foo ${id}` | This query depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value |
| graphql.js:33:18:33:28 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:33:18:33:28 | `foo ${id}` | This query depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value |
| graphql.js:44:14:44:24 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:44:14:44:24 | `foo ${id}` | This query depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value |
| graphql.js:48:44:48:54 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:48:44:48:54 | `foo ${id}` | This query depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value |
| graphql.js:56:39:56:49 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:56:39:56:49 | `foo ${id}` | This query depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value |
| graphql.js:58:66:58:76 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:58:66:58:76 | `foo ${id}` | This query depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value |
| graphql.js:75:46:75:64 | "{ foo" + id + " }" | graphql.js:74:14:74:25 | req.query.id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | This query depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value |
| graphql.js:84:14:90:8 | `{\\n ... }` | graphql.js:74:14:74:25 | req.query.id | graphql.js:84:14:90:8 | `{\\n ... }` | This query depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value |
| graphql.js:120:38:120:48 | `foo ${id}` | graphql.js:119:16:119:28 | req.params.id | graphql.js:120:38:120:48 | `foo ${id}` | This query depends on a $@. | graphql.js:119:16:119:28 | req.params.id | user-provided value |
| json-schema-validator.js:33:22:33:26 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:33:22:33:26 | query | This query depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value |
| json-schema-validator.js:35:18:35:22 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:35:18:35:22 | query | This query depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value |
| json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value |
| json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value |
| json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value |
| ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
| ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
| ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
| ldap.js:68:27:68:42 | `cn=${username}` | ldap.js:20:21:20:27 | req.url | ldap.js:68:27:68:42 | `cn=${username}` | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
| marsdb-flow-to.js:14:17:14:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:14:17:14:21 | query | This query depends on a $@. | marsdb-flow-to.js:11:17:11:24 | req.body | user-provided value |
| marsdb.js:16:12:16:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:16:12:16:16 | query | This query depends on a $@. | marsdb.js:13:17:13:24 | req.body | user-provided value |
| minimongo.js:18:12:18:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:18:12:18:16 | query | This query depends on a $@. | minimongo.js:15:17:15:24 | req.body | user-provided value |
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on a $@. | mongodb.js:13:19:13:26 | req.body | user-provided value |
| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on a $@. | mongodb.js:26:19:26:26 | req.body | user-provided value |
| mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query depends on a $@. | mongodb.js:49:19:49:33 | req.query.title | user-provided value |
| mongodb.js:65:12:65:16 | query | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | This query depends on a $@. | mongodb.js:60:16:60:30 | req.query.title | user-provided value |
| mongodb.js:77:14:77:26 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:77:14:77:26 | { tags: tag } | This query depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value |
| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value |
| mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query depends on a $@. | mongodb.js:107:17:107:29 | queries.title | user-provided value |
| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query depends on a $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | user-provided value |
| mongoose.js:24:24:24:30 | [query] | mongoose.js:21:19:21:26 | req.body | mongoose.js:24:24:24:30 | [query] | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:63:21:63:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:21:63:25 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:65:32:65:36 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:65:32:65:36 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:67:27:67:31 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:67:27:67:31 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:68:8:68:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:68:8:68:12 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:71:20:71:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:71:20:71:24 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:72:16:72:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:72:16:72:20 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:73:8:73:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:73:8:73:12 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:74:7:74:11 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:74:7:74:11 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:75:16:75:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:75:16:75:20 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:77:10:77:14 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:77:10:77:14 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:82:46:82:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:82:46:82:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:83:47:83:51 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:83:47:83:51 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:85:46:85:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:85:46:85:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:87:51:87:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:87:51:87:55 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:89:46:89:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:89:46:89:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:92:46:92:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:92:46:92:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:94:51:94:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:94:51:94:55 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:96:46:96:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:96:46:96:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:111:14:111:18 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:111:14:111:18 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:113:31:113:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:113:31:113:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:119:18:119:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:119:18:119:21 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:120:22:120:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:120:22:120:25 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:121:16:121:19 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:121:16:121:19 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:122:19:122:22 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:122:19:122:22 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:123:20:123:21 | id | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:123:20:123:21 | id | This query depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value |
| mongoose.js:124:28:124:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:124:28:124:31 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:125:28:125:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:125:28:125:31 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:126:28:126:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:126:28:126:31 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:127:18:127:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:127:18:127:21 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
| mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value |
| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value |
| mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value |
| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query depends on a $@. | mongooseModelClient.js:12:22:12:29 | req.body | user-provided value |
| mysql.js:15:18:15:65 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:15:18:15:65 | 'SELECT ... + temp | This query depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value |
| mysql.js:19:26:19:73 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:19:26:19:73 | 'SELECT ... + temp | This query depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value |
| pg-promise-types.ts:8:17:8:21 | taint | pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:8:17:8:21 | taint | This query depends on a $@. | pg-promise-types.ts:7:17:7:28 | req.params.x | user-provided value |
| pg-promise.js:9:10:9:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:9:10:9:14 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:10:11:10:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:10:11:10:15 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:11:17:11:21 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:11:17:11:21 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:12:10:12:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:12:10:12:14 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:13:12:13:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:13:12:13:16 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:14:18:14:22 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:14:18:14:22 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:15:11:15:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:15:11:15:15 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:16:10:16:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:16:10:16:14 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:17:16:17:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:17:16:17:20 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:18:12:18:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:18:12:18:16 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:19:13:19:17 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:19:13:19:17 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:22:11:22:15 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | This query depends on a $@. | pg-promise.js:30:13:30:25 | req.params.id | user-provided value |
| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | This query depends on a $@. | pg-promise.js:34:13:34:25 | req.params.id | user-provided value |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on a $@. | pg-promise.js:39:7:39:19 | req.params.id | user-provided value |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on a $@. | pg-promise.js:40:7:40:21 | req.params.name | user-provided value |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on a $@. | pg-promise.js:41:7:41:20 | req.params.foo | user-provided value |
| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | This query depends on a $@. | pg-promise.js:39:7:39:19 | req.params.id | user-provided value |
| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | This query depends on a $@. | pg-promise.js:40:7:40:21 | req.params.name | user-provided value |
| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | This query depends on a $@. | pg-promise.js:47:11:47:23 | req.params.id | user-provided value |
| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | This query depends on a $@. | pg-promise.js:54:11:54:23 | req.params.id | user-provided value |
| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | This query depends on a $@. | pg-promise.js:56:14:56:29 | req.params.title | user-provided value |
| pg-promise.js:60:20:60:24 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:60:20:60:24 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:63:23:63:27 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:63:23:63:27 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| pg-promise.js:64:16:64:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:64:16:64:20 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value |
| redis.js:10:16:10:27 | req.body.key | redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | This query depends on a $@. | redis.js:10:16:10:23 | req.body | user-provided value |
| redis.js:18:16:18:18 | key | redis.js:12:15:12:22 | req.body | redis.js:18:16:18:18 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value |
| redis.js:19:43:19:45 | key | redis.js:12:15:12:22 | req.body | redis.js:19:43:19:45 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value |
| redis.js:25:14:25:16 | key | redis.js:12:15:12:22 | req.body | redis.js:25:14:25:16 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value |
| redis.js:30:23:30:25 | key | redis.js:12:15:12:22 | req.body | redis.js:30:23:30:25 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value |
| redis.js:32:28:32:30 | key | redis.js:12:15:12:22 | req.body | redis.js:32:28:32:30 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value |
| redis.js:39:16:39:18 | key | redis.js:38:17:38:24 | req.body | redis.js:39:16:39:18 | key | This query depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value |
| redis.js:43:27:43:29 | key | redis.js:38:17:38:24 | req.body | redis.js:43:27:43:29 | key | This query depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value |
| redis.js:46:34:46:36 | key | redis.js:38:17:38:24 | req.body | redis.js:46:34:46:36 | key | This query depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value |
| socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query depends on a $@. | socketio.js:10:25:10:30 | handle | user-provided value |
| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query depends on a $@. | tst2.js:9:66:9:78 | req.params.id | user-provided value |
| tst3.js:9:14:9:19 | query1 | tst3.js:8:16:8:34 | req.params.category | tst3.js:9:14:9:19 | query1 | This query depends on a $@. | tst3.js:8:16:8:34 | req.params.category | user-provided value |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on a $@. | tst4.js:8:46:8:60 | $routeParams.id | user-provided value |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on a $@. | tst.js:10:46:10:58 | req.params.id | user-provided value |

2
javascript/ql/test/query-tests/Security/CWE-089/untyped/marsdb-flow-to.js
View File

@@ -11,5 +11,5 @@ app.post("/documents/find", (req, res) => {
query.title = req.body.title;
// NOT OK: query is tainted by user-provided object value
db.myDoc.find(query);
db.myDoc.find(query, (err, data) => {});
});

2
javascript/ql/test/query-tests/Security/CWE-089/untyped/marsdb.js
View File

@@ -13,5 +13,5 @@ app.post("/documents/find", (req, res) => {
query.title = req.body.title;
// NOT OK: query is tainted by user-provided object value
doc.find(query);
doc.find(query, (err, data) => {});
});

6
javascript/ql/test/query-tests/Security/CWE-089/untyped/pg-promise.js
View File

@@ -5,7 +5,7 @@ require('express')().get('/foo', (req, res) => {
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ req.params.category + "' ORDER BY PRICE";
db.any(query); // NOT OK
db.many(query); // NOT OK
db.manyOrNone(query); // NOT OK
@@ -17,7 +17,7 @@ require('express')().get('/foo', (req, res) => {
db.oneOrNone(query); // NOT OK
db.query(query); // NOT OK
db.result(query); // NOT OK
db.one({
text: query // NOT OK
});
@@ -59,7 +59,7 @@ require('express')().get('/foo', (req, res) => {
db.task(t => {
return t.one(query); // NOT OK
});
db.task(
db.taskIf(
{ cnd: t => t.one(query) }, // NOT OK
t => t.one(query) // NOT OK
);

110
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
View File

@@ -286,58 +286,58 @@ edges
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source |
#select
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | $@ flows to this location and is interpreted as code. | NoSQLCodeInjection.js:18:24:18:31 | req.body | User-provided value |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | $@ flows to this location and is interpreted as code. | NoSQLCodeInjection.js:19:36:19:43 | req.body | User-provided value |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | $@ flows to this location and is interpreted as code. | NoSQLCodeInjection.js:22:36:22:43 | req.body | User-provided value |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:10:22:10:36 | location.search | User-provided value |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:13:23:13:37 | location.search | User-provided value |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:16:28:16:42 | location.search | User-provided value |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:19:22:19:36 | location.search | User-provided value |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:22:27:22:41 | location.search | User-provided value |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:25:23:25:37 | location.search | User-provided value |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:28:33:28:47 | location.search | User-provided value |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:31:28:31:42 | location.search | User-provided value |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:34:18:34:32 | location.search | User-provided value |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:40:18:40:32 | location.search | User-provided value |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:44:17:44:31 | location.search | User-provided value |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:47:16:47:30 | location.search | User-provided value |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:50:22:50:36 | location.search | User-provided value |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | $@ flows to this location and is interpreted as code. | angularjs.js:53:32:53:46 | location.search | User-provided value |
| express.js:7:24:7:69 | "return ... + "];" | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | $@ flows to this location and is interpreted as code. | express.js:7:44:7:62 | req.param("wobble") | User-provided value |
| express.js:9:34:9:79 | "return ... + "];" | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | $@ flows to this location and is interpreted as code. | express.js:9:54:9:72 | req.param("wobble") | User-provided value |
| express.js:12:8:12:53 | "return ... + "];" | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | $@ flows to this location and is interpreted as code. | express.js:12:28:12:46 | req.param("wobble") | User-provided value |
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | $@ flows to this location and is interpreted as code. | express.js:15:22:15:54 | req.par ... ction") | User-provided value |
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | $@ flows to this location and is interpreted as code. | express.js:17:30:17:53 | req.par ... cript") | User-provided value |
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | $@ flows to this location and is interpreted as code. | express.js:19:37:19:70 | req.par ... odule") | User-provided value |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | $@ flows to this location and is interpreted as code. | express.js:21:19:21:48 | req.par ... ntext") | User-provided value |
| express.js:27:34:27:38 | taint | express.js:26:17:26:35 | req.param("wobble") | express.js:27:34:27:38 | taint | $@ flows to this location and is interpreted as code. | express.js:26:17:26:35 | req.param("wobble") | User-provided value |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | $@ flows to this location and is interpreted as code. | module.js:9:16:9:29 | req.query.code | User-provided value |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | $@ flows to this location and is interpreted as code. | module.js:11:17:11:30 | req.query.code | User-provided value |
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | $@ flows to this location and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | $@ flows to this location and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | $@ flows to this location and is interpreted as code. | react.js:10:56:10:77 | documen ... on.hash | User-provided value |
| template-sinks.js:19:17:19:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:19:17:19:23 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:20:16:20:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:20:16:20:22 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:21:18:21:24 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:21:18:21:24 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:22:17:22:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:22:17:22:23 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:23:18:23:24 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:23:18:23:24 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:24:16:24:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:24:16:24:22 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:25:27:25:33 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:25:27:25:33 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:26:21:26:27 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:26:21:26:27 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:27:17:27:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:27:17:27:23 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:28:24:28:30 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:28:24:28:30 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:29:21:29:27 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:29:21:29:27 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:30:19:30:25 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:30:19:30:25 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:31:16:31:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:31:16:31:22 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| template-sinks.js:32:17:32:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:32:17:32:23 | tainted | $@ flows to this location and is interpreted as a template, which may contain code. | template-sinks.js:17:19:17:31 | req.query.foo | User-provided value |
| tst.js:2:6:2:83 | documen ... t=")+8) | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | $@ flows to this location and is interpreted as code. | tst.js:2:6:2:27 | documen ... on.href | User-provided value |
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | $@ flows to this location and is interpreted as code. | tst.js:5:12:5:33 | documen ... on.hash | User-provided value |
| tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | $@ flows to this location and is interpreted as code. | tst.js:14:10:14:33 | documen ... .search | User-provided value |
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | $@ flows to this location and is interpreted as code. | tst.js:17:21:17:42 | documen ... on.hash | User-provided value |
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | $@ flows to this location and is interpreted as code. | tst.js:20:30:20:51 | documen ... on.hash | User-provided value |
| tst.js:23:6:23:46 | atob(do ... ing(1)) | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:6:23:46 | atob(do ... ing(1)) | $@ flows to this location and is interpreted as code. | tst.js:23:11:23:32 | documen ... on.hash | User-provided value |
| tst.js:26:26:26:53 | locatio ... ring(1) | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | $@ flows to this location and is interpreted as code. | tst.js:26:26:26:40 | location.search | User-provided value |
| tst.js:31:18:31:23 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:31:18:31:23 | source | $@ flows to this location and is interpreted as code. | tst.js:29:18:29:41 | documen ... .search | User-provided value |
| tst.js:33:14:33:19 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:33:14:33:19 | source | $@ flows to this location and is interpreted as code. | tst.js:29:18:29:41 | documen ... .search | User-provided value |
| tst.js:35:28:35:33 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:35:28:35:33 | source | $@ flows to this location and is interpreted as code. | tst.js:29:18:29:41 | documen ... .search | User-provided value |
| tst.js:37:33:37:38 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:37:33:37:38 | source | $@ flows to this location and is interpreted as code. | tst.js:29:18:29:41 | documen ... .search | User-provided value |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | This code execution depends on a $@. | angularjs.js:19:22:19:36 | location.search | user-provided value |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | This code execution depends on a $@. | angularjs.js:22:27:22:41 | location.search | user-provided value |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | This code execution depends on a $@. | angularjs.js:25:23:25:37 | location.search | user-provided value |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | This code execution depends on a $@. | angularjs.js:28:33:28:47 | location.search | user-provided value |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | This code execution depends on a $@. | angularjs.js:31:28:31:42 | location.search | user-provided value |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | This code execution depends on a $@. | angularjs.js:34:18:34:32 | location.search | user-provided value |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | This code execution depends on a $@. | angularjs.js:40:18:40:32 | location.search | user-provided value |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | This code execution depends on a $@. | angularjs.js:44:17:44:31 | location.search | user-provided value |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | This code execution depends on a $@. | angularjs.js:47:16:47:30 | location.search | user-provided value |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | This code execution depends on a $@. | angularjs.js:50:22:50:36 | location.search | user-provided value |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | This code execution depends on a $@. | angularjs.js:53:32:53:46 | location.search | user-provided value |
| express.js:7:24:7:69 | "return ... + "];" | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | This code execution depends on a $@. | express.js:7:44:7:62 | req.param("wobble") | user-provided value |
| express.js:9:34:9:79 | "return ... + "];" | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | This code execution depends on a $@. | express.js:9:54:9:72 | req.param("wobble") | user-provided value |
| express.js:12:8:12:53 | "return ... + "];" | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | This code execution depends on a $@. | express.js:12:28:12:46 | req.param("wobble") | user-provided value |
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | This code execution depends on a $@. | express.js:15:22:15:54 | req.par ... ction") | user-provided value |
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | This code execution depends on a $@. | express.js:17:30:17:53 | req.par ... cript") | user-provided value |
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | This code execution depends on a $@. | express.js:19:37:19:70 | req.par ... odule") | user-provided value |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | This code execution depends on a $@. | express.js:21:19:21:48 | req.par ... ntext") | user-provided value |
| express.js:27:34:27:38 | taint | express.js:26:17:26:35 | req.param("wobble") | express.js:27:34:27:38 | taint | This code execution depends on a $@. | express.js:26:17:26:35 | req.param("wobble") | user-provided value |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | This code execution depends on a $@. | module.js:9:16:9:29 | req.query.code | user-provided value |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | This code execution depends on a $@. | module.js:11:17:11:30 | req.query.code | user-provided value |
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | This code execution depends on a $@. | react.js:10:56:10:77 | documen ... on.hash | user-provided value |
| template-sinks.js:19:17:19:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:19:17:19:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:20:16:20:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:20:16:20:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:21:18:21:24 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:21:18:21:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:22:17:22:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:22:17:22:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:23:18:23:24 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:23:18:23:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:24:16:24:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:24:16:24:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:25:27:25:33 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:25:27:25:33 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:26:21:26:27 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:26:21:26:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:27:17:27:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:27:17:27:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:28:24:28:30 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:28:24:28:30 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:29:21:29:27 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:29:21:29:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:30:19:30:25 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:30:19:30:25 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:31:16:31:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:31:16:31:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| template-sinks.js:32:17:32:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:32:17:32:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
| tst.js:2:6:2:83 | documen ... t=")+8) | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | This code execution depends on a $@. | tst.js:2:6:2:27 | documen ... on.href | user-provided value |
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | This code execution depends on a $@. | tst.js:5:12:5:33 | documen ... on.hash | user-provided value |
| tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | This code execution depends on a $@. | tst.js:14:10:14:33 | documen ... .search | user-provided value |
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | This code execution depends on a $@. | tst.js:17:21:17:42 | documen ... on.hash | user-provided value |
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | This code execution depends on a $@. | tst.js:20:30:20:51 | documen ... on.hash | user-provided value |
| tst.js:23:6:23:46 | atob(do ... ing(1)) | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:6:23:46 | atob(do ... ing(1)) | This code execution depends on a $@. | tst.js:23:11:23:32 | documen ... on.hash | user-provided value |
| tst.js:26:26:26:53 | locatio ... ring(1) | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | This code execution depends on a $@. | tst.js:26:26:26:40 | location.search | user-provided value |
| tst.js:31:18:31:23 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:31:18:31:23 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| tst.js:33:14:33:19 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:33:14:33:19 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| tst.js:35:28:35:33 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:35:28:35:33 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| tst.js:37:33:37:38 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:37:33:37:38 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |

16
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected
View File

@@ -65,11 +65,11 @@ edges
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` |
#select
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | Code construction depends on $@. | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | an improperly sanitized value |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | Code construction depends on $@. | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | an improperly sanitized value |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | Code construction depends on $@. | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | an improperly sanitized value |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | Code construction depends on $@. | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | an improperly sanitized value |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | Code construction depends on $@. | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | an improperly sanitized value |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | Code construction depends on $@. | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | an improperly sanitized value |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | Code construction depends on $@. | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | an improperly sanitized value |
| bad-code-sanitization.js:64:27:64:36 | assignment | bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:64:27:64:36 | assignment | Code construction depends on $@. | bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | an improperly sanitized value |
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | Code construction depends on an $@. | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | improperly sanitized value |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | Code construction depends on an $@. | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | improperly sanitized value |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | Code construction depends on an $@. | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | improperly sanitized value |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | Code construction depends on an $@. | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | improperly sanitized value |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | Code construction depends on an $@. | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | improperly sanitized value |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | Code construction depends on an $@. | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | improperly sanitized value |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | Code construction depends on an $@. | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | improperly sanitized value |
| bad-code-sanitization.js:64:27:64:36 | assignment | bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:64:27:64:36 | assignment | Code construction depends on an $@. | bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | improperly sanitized value |

24
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected
View File

@@ -105,15 +105,15 @@ edges
| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption |
| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption |
#select
| lib/index.js:2:21:2:24 | data | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | $@ flows to this location and is later $@. | lib/index.js:1:35:1:38 | data | Library input | lib/index.js:2:15:2:30 | "(" + data + ")" | interpreted as code |
| lib/index.js:6:26:6:29 | name | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | $@ flows to this location and is later $@. | lib/index.js:5:35:5:38 | name | Library input | lib/index.js:6:17:6:29 | "obj." + name | interpreted as code |
| lib/index.js:14:21:14:24 | data | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | $@ flows to this location and is later $@. | lib/index.js:13:38:13:41 | data | Library input | lib/index.js:14:15:14:30 | "(" + data + ")" | interpreted as code |
| lib/index.js:22:7:22:10 | data | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | $@ flows to this location and is later $@. | lib/index.js:19:26:19:29 | data | Library input | lib/index.js:25:24:25:26 | str | interpreted as code |
| lib/index.js:51:21:51:32 | opts.varName | lib/index.js:41:32:41:35 | opts | lib/index.js:51:21:51:32 | opts.varName | $@ flows to this location and is later $@. | lib/index.js:41:32:41:35 | opts | Library input | lib/index.js:51:10:51:52 | " var ... ing();" | interpreted as code |
| lib/index.js:103:21:103:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | $@ flows to this location and is later $@. | lib/index.js:86:15:86:19 | taint | Library input | lib/index.js:103:10:103:67 | " var ... ing();" | interpreted as code |
| lib/index.js:104:21:104:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | $@ flows to this location and is later $@. | lib/index.js:86:15:86:19 | taint | Library input | lib/index.js:104:10:104:67 | " var ... ing();" | interpreted as code |
| lib/index.js:105:21:105:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | $@ flows to this location and is later $@. | lib/index.js:86:15:86:19 | taint | Library input | lib/index.js:105:10:105:67 | " var ... ing();" | interpreted as code |
| lib/index.js:106:21:106:30 | this.taint | lib/index.js:86:15:86:19 | taint | lib/index.js:106:21:106:30 | this.taint | $@ flows to this location and is later $@. | lib/index.js:86:15:86:19 | taint | Library input | lib/index.js:106:10:106:50 | " var ... ing();" | interpreted as code |
| lib/index.js:136:23:136:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | $@ flows to this location and is later $@. | lib/index.js:112:17:112:21 | taint | Library input | lib/index.js:136:12:136:69 | " var ... ing();" | interpreted as code |
| lib/index.js:137:23:137:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | $@ flows to this location and is later $@. | lib/index.js:112:17:112:21 | taint | Library input | lib/index.js:137:12:137:69 | " var ... ing();" | interpreted as code |
| lib/index.js:138:23:138:32 | this.taint | lib/index.js:112:17:112:21 | taint | lib/index.js:138:23:138:32 | this.taint | $@ flows to this location and is later $@. | lib/index.js:112:17:112:21 | taint | Library input | lib/index.js:138:12:138:52 | " var ... ing();" | interpreted as code |
| lib/index.js:2:21:2:24 | data | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:1:35:1:38 | data | library input | lib/index.js:2:15:2:30 | "(" + data + ")" | interpreted as code |
| lib/index.js:6:26:6:29 | name | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | This string concatenation which depends on $@ is later $@. | lib/index.js:5:35:5:38 | name | library input | lib/index.js:6:17:6:29 | "obj." + name | interpreted as code |
| lib/index.js:14:21:14:24 | data | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:13:38:13:41 | data | library input | lib/index.js:14:15:14:30 | "(" + data + ")" | interpreted as code |
| lib/index.js:22:7:22:10 | data | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:19:26:19:29 | data | library input | lib/index.js:25:24:25:26 | str | interpreted as code |
| lib/index.js:51:21:51:32 | opts.varName | lib/index.js:41:32:41:35 | opts | lib/index.js:51:21:51:32 | opts.varName | This string concatenation which depends on $@ is later $@. | lib/index.js:41:32:41:35 | opts | library input | lib/index.js:51:10:51:52 | " var ... ing();" | interpreted as code |
| lib/index.js:103:21:103:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:103:10:103:67 | " var ... ing();" | interpreted as code |
| lib/index.js:104:21:104:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:104:10:104:67 | " var ... ing();" | interpreted as code |
| lib/index.js:105:21:105:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:105:10:105:67 | " var ... ing();" | interpreted as code |
| lib/index.js:106:21:106:30 | this.taint | lib/index.js:86:15:86:19 | taint | lib/index.js:106:21:106:30 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:106:10:106:50 | " var ... ing();" | interpreted as code |
| lib/index.js:136:23:136:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:136:12:136:69 | " var ... ing();" | interpreted as code |
| lib/index.js:137:23:137:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:137:12:137:69 | " var ... ing();" | interpreted as code |
| lib/index.js:138:23:138:32 | this.taint | lib/index.js:112:17:112:21 | taint | lib/index.js:138:23:138:32 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:138:12:138:52 | " var ... ing();" | interpreted as code |

12
javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected
View File

@@ -72,9 +72,9 @@ edges
| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name |
| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name |
#select
| example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | a user-controlled value |
| tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
| tst.js:6:9:6:28 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:6:9:6:28 | window[message.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
| tst.js:11:5:11:19 | f[message.name] | tst.js:3:37:3:38 | ev | tst.js:11:5:11:19 | f[message.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
| tst.js:15:5:15:14 | window[ev] | tst.js:3:37:3:38 | ev | tst.js:15:5:15:14 | window[ev] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
| tst.js:21:5:21:29 | window[ ... e.name] | tst.js:3:37:3:38 | ev | tst.js:21:5:21:29 | window[ ... e.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
| example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | user-controlled value |
| tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value |
| tst.js:6:9:6:28 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:6:9:6:28 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value |
| tst.js:11:5:11:19 | f[message.name] | tst.js:3:37:3:38 | ev | tst.js:11:5:11:19 | f[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value |
| tst.js:15:5:15:14 | window[ev] | tst.js:3:37:3:38 | ev | tst.js:15:5:15:14 | window[ev] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value |
| tst.js:21:5:21:29 | window[ ... e.name] | tst.js:3:37:3:38 | ev | tst.js:21:5:21:29 | window[ ... e.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value |

2
javascript/ql/test/query-tests/Security/CWE-116/BadTagFilter/BadTagFilter.expected
View File

@@ -13,5 +13,5 @@
| tst.js:18:6:18:48 | <(?:!--([\\S\|\\s]*?)-->)\|([^\\/\\s>]+)[\\S\\s]*?> | Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group 1 and comments ending with --!> are matched with capture group 2. |
| tst.js:19:6:19:147 | <(?:(?:\\/([^>]+)>)\|(?:!--([\\S\|\\s]*?)-->)\|(?:([^\\/\\s>]+)((?:\\s+[\\w\\-:.]+(?:\\s*=\\s*?(?:(?:"[^"]*")\|(?:'[^']*')\|[^\\s"'\\/>]+))?)*)[\\S\\s]*?(\\/?)>)) | Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group 2 and comments ending with --!> are matched with capture group 3, 4. |
| tst.js:20:3:20:57 | (<[a-z\\/!$]("[^"]*"\|'[^']*'\|[^'">])*>\|<!(--.*?--\\s*)+>) | Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group 3 and comments ending with --!> are matched with capture group 1. |
| tst.js:21:6:21:249 | <(?:(?:!--([\\w\\W]*?)-->)\|(?:!\\[CDATA\\[([\\w\\W]*?)\\]\\]>)\|(?:!DOCTYPE([\\w\\W]*?)>)\|(?:\\?([^\\s\\/<>]+) ?([\\w\\W]*?)[?/]>)\|(?:\\/([A-Za-z][A-Za-z0-9\\-_\\:\\.]*)>)\|(?:([A-Za-z][A-Za-z0-9\\-_\\:\\.]*)((?:\\s+[^"'>]+(?:(?:"[^"]*")\|(?:'[^']*')\|[^>]*))*\|\\/\|\\s+)>)) | This regular expression only parses --> (capture group 1) and not --!> as a HTML comment end tag. |
| tst.js:21:6:21:249 | <(?:(?:!--([\\w\\W]*?)-->)\|(?:!\\[CDATA\\[([\\w\\W]*?)\\]\\]>)\|(?:!DOCTYPE([\\w\\W]*?)>)\|(?:\\?([^\\s\\/<>]+) ?([\\w\\W]*?)[?/]>)\|(?:\\/([A-Za-z][A-Za-z0-9\\-_\\:\\.]*)>)\|(?:([A-Za-z][A-Za-z0-9\\-_\\:\\.]*)((?:\\s+[^"'>]+(?:(?:"[^"]*")\|(?:'[^']*')\|[^>]*))*\|\\/\|\\s+)>)) | This regular expression only parses --> (capture group 1) and not --!> as an HTML comment end tag. |
| tst.js:22:6:22:33 | <!--([\\w\\W]*?)-->\|<([^>]*?)> | Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group 1 and comments ending with --!> are matched with capture group 2. |

66
javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteMultiCharacterSanitization.expected
View File

@@ -1,39 +1,39 @@
| tst-multi-character-sanitization.js:3:13:3:57 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:3:30:3:30 | < | <script |
| tst-multi-character-sanitization.js:4:13:4:47 | content ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:4:30:4:40 | on\\w+=".*" | on |
| tst-multi-character-sanitization.js:5:13:5:49 | content ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:5:30:5:42 | on\\w+=\\'.*\\' | on |
| tst-multi-character-sanitization.js:9:13:9:47 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:9:30:9:30 | < | <script |
| tst-multi-character-sanitization.js:10:13:10:49 | content ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:10:30:10:42 | .on\\w+=.*".*" | on |
| tst-multi-character-sanitization.js:11:13:11:51 | content ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:11:30:11:44 | .on\\w+=.*\\'.*\\' | on |
| tst-multi-character-sanitization.js:19:3:19:35 | respons ... pt, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:18:18:18:24 | <script | <script |
| tst-multi-character-sanitization.js:25:10:25:40 | text.re ... /g, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:25:24:25:27 | <!-- | <!-- |
| tst-multi-character-sanitization.js:3:13:3:57 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:3:30:3:30 | < | <script |
| tst-multi-character-sanitization.js:4:13:4:47 | content ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:4:30:4:40 | on\\w+=".*" | on |
| tst-multi-character-sanitization.js:5:13:5:49 | content ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:5:30:5:42 | on\\w+=\\'.*\\' | on |
| tst-multi-character-sanitization.js:9:13:9:47 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:9:30:9:30 | < | <script |
| tst-multi-character-sanitization.js:10:13:10:49 | content ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:10:30:10:42 | .on\\w+=.*".*" | on |
| tst-multi-character-sanitization.js:11:13:11:51 | content ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:11:30:11:44 | .on\\w+=.*\\'.*\\' | on |
| tst-multi-character-sanitization.js:19:3:19:35 | respons ... pt, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:18:18:18:24 | <script | <script |
| tst-multi-character-sanitization.js:25:10:25:40 | text.re ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:25:24:25:27 | <!-- | <!-- |
| tst-multi-character-sanitization.js:49:13:49:43 | req.url ... EL, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:48:22:48:23 | \\/ | /.. |
| tst-multi-character-sanitization.js:49:13:49:43 | req.url ... EL, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:48:26:48:27 | \\. | ../ |
| tst-multi-character-sanitization.js:64:7:64:73 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:64:18:64:24 | <script | <script |
| tst-multi-character-sanitization.js:66:7:66:56 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:66:18:66:49 | (\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")? | on |
| tst-multi-character-sanitization.js:75:7:75:37 | x.repla ... gm, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:75:18:75:21 | <!-- | <!-- |
| tst-multi-character-sanitization.js:76:7:76:35 | x.repla ... +/, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:76:18:76:29 | \\sng-[a-z-]+ | ng- |
| tst-multi-character-sanitization.js:77:7:77:36 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:77:18:77:29 | \\sng-[a-z-]+ | ng- |
| tst-multi-character-sanitization.js:81:7:81:58 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:81:36:81:39 | only | on |
| tst-multi-character-sanitization.js:81:7:81:58 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:81:18:81:24 | <script | <script |
| tst-multi-character-sanitization.js:83:7:83:63 | x.repla ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:83:18:83:21 | <!-- | <!-- |
| tst-multi-character-sanitization.js:64:7:64:73 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:64:18:64:24 | <script | <script |
| tst-multi-character-sanitization.js:66:7:66:56 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:66:18:66:49 | (\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")? | on |
| tst-multi-character-sanitization.js:75:7:75:37 | x.repla ... gm, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:75:18:75:21 | <!-- | <!-- |
| tst-multi-character-sanitization.js:76:7:76:35 | x.repla ... +/, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:76:18:76:29 | \\sng-[a-z-]+ | ng- |
| tst-multi-character-sanitization.js:77:7:77:36 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:77:18:77:29 | \\sng-[a-z-]+ | ng- |
| tst-multi-character-sanitization.js:81:7:81:58 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML attribute injection vulnerability. | tst-multi-character-sanitization.js:81:36:81:39 | only | on |
| tst-multi-character-sanitization.js:81:7:81:58 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:81:18:81:24 | <script | <script |
| tst-multi-character-sanitization.js:83:7:83:63 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:83:18:83:21 | <!-- | <!-- |
| tst-multi-character-sanitization.js:85:7:85:48 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:85:18:85:21 | \\x2E | ../ |
| tst-multi-character-sanitization.js:87:7:87:47 | x.repla ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:87:18:87:24 | <script | <script |
| tst-multi-character-sanitization.js:92:7:96:4 | x.repla ... ";\\n }) | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:92:18:92:24 | <script | <script |
| tst-multi-character-sanitization.js:87:7:87:47 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:87:18:87:24 | <script | <script |
| tst-multi-character-sanitization.js:92:7:96:4 | x.repla ... ";\\n }) | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:92:18:92:24 | <script | <script |
| tst-multi-character-sanitization.js:101:7:101:30 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:101:18:101:19 | \\. | ../ |
| tst-multi-character-sanitization.js:102:7:102:30 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:102:18:102:19 | \\/ | /.. |
| tst-multi-character-sanitization.js:104:7:104:58 | x.repla ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:104:18:104:24 | <script | <script |
| tst-multi-character-sanitization.js:106:7:106:64 | x.repla ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:106:18:106:18 | < | <script |
| tst-multi-character-sanitization.js:107:7:107:62 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:107:18:107:19 | \\< | <script |
| tst-multi-character-sanitization.js:108:7:108:75 | x.repla ... gm, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:108:18:108:18 | < | <script |
| tst-multi-character-sanitization.js:109:7:109:58 | x.repla ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:109:18:109:24 | <script | <script |
| tst-multi-character-sanitization.js:110:7:110:50 | x.repla ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:110:18:110:24 | <script | <script |
| tst-multi-character-sanitization.js:111:7:111:32 | x.repla ... /g, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:111:20:111:23 | <!-- | <!-- |
| tst-multi-character-sanitization.js:104:7:104:58 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:104:18:104:24 | <script | <script |
| tst-multi-character-sanitization.js:106:7:106:64 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:106:18:106:18 | < | <script |
| tst-multi-character-sanitization.js:107:7:107:62 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:107:18:107:19 | \\< | <script |
| tst-multi-character-sanitization.js:108:7:108:75 | x.repla ... gm, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:108:18:108:18 | < | <script |
| tst-multi-character-sanitization.js:109:7:109:58 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:109:18:109:24 | <script | <script |
| tst-multi-character-sanitization.js:110:7:110:50 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:110:18:110:24 | <script | <script |
| tst-multi-character-sanitization.js:111:7:111:32 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:111:20:111:23 | <!-- | <!-- |
| tst-multi-character-sanitization.js:126:7:129:34 | x\\n . ... //, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:129:21:129:22 | \\/ | /.. |
| tst-multi-character-sanitization.js:135:2:135:44 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:135:19:135:25 | <script | <script |
| tst-multi-character-sanitization.js:136:2:136:46 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:136:19:136:19 | < | <script |
| tst-multi-character-sanitization.js:137:2:137:48 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:137:19:137:20 | .+ | <script |
| tst-multi-character-sanitization.js:138:2:138:48 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:138:21:138:21 | < | <script |
| tst-multi-character-sanitization.js:142:13:142:62 | content ... gi, "") | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:142:30:142:36 | <script | <script |
| tst-multi-character-sanitization.js:143:13:143:56 | content ... /g, '') | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:143:30:143:30 | < | <script |
| tst-multi-character-sanitization.js:144:13:144:91 | content ... /g, '') | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:144:30:144:30 | < | <script |
| tst-multi-character-sanitization.js:145:13:145:90 | content ... /g, '') | This string may still contain $@, which may cause a HTML element injection vulnerability. | tst-multi-character-sanitization.js:145:30:145:30 | < | <script |
| tst-multi-character-sanitization.js:135:2:135:44 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:135:19:135:25 | <script | <script |
| tst-multi-character-sanitization.js:136:2:136:46 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:136:19:136:19 | < | <script |
| tst-multi-character-sanitization.js:137:2:137:48 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:137:19:137:20 | .+ | <script |
| tst-multi-character-sanitization.js:138:2:138:48 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:138:21:138:21 | < | <script |
| tst-multi-character-sanitization.js:142:13:142:62 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:142:30:142:36 | <script | <script |
| tst-multi-character-sanitization.js:143:13:143:56 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:143:30:143:30 | < | <script |
| tst-multi-character-sanitization.js:144:13:144:91 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:144:30:144:30 | < | <script |
| tst-multi-character-sanitization.js:145:13:145:90 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:145:30:145:30 | < | <script |

42
javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected
View File

@@ -187,24 +187,24 @@ edges
| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username |
| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username |
#select
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | Log entry depends on $@. | logInjectionBad.js:19:23:19:29 | req.url | a user-provided value |
| logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | Log entry depends on $@. | logInjectionBad.js:19:23:19:29 | req.url | a user-provided value |
| logInjectionBad.js:24:35:24:42 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:24:35:24:42 | username | Log entry depends on $@. | logInjectionBad.js:19:23:19:29 | req.url | a user-provided value |
| logInjectionBad.js:25:36:25:43 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:25:36:25:43 | username | Log entry depends on $@. | logInjectionBad.js:19:23:19:29 | req.url | a user-provided value |
| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | Log entry depends on $@. | logInjectionBad.js:19:23:19:29 | req.url | a user-provided value |
| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:50:18:50:47 | colors. ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:50:18:50:47 | colors. ... ername) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:52:17:52:47 | underli ... name))) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:52:17:52:47 | underli ... name))) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:53:17:53:76 | highlig ... true}) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:53:17:53:76 | highlig ... true}) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | Log entry depends on $@. | logInjectionBad.js:46:23:46:29 | req.url | a user-provided value |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | Log entry depends on $@. | logInjectionBad.js:63:23:63:29 | req.url | a user-provided value |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:75:15:75:22 | username | Log entry depends on $@. | logInjectionBad.js:72:23:72:29 | req.url | a user-provided value |
| logInjectionBad.js:82:30:82:37 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:82:30:82:37 | username | Log entry depends on $@. | logInjectionBad.js:72:23:72:29 | req.url | a user-provided value |
| logInjectionBad.js:91:26:91:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:91:26:91:33 | username | Log entry depends on $@. | logInjectionBad.js:72:23:72:29 | req.url | a user-provided value |
| logInjectionBad.js:99:26:99:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:99:26:99:33 | username | Log entry depends on $@. | logInjectionBad.js:72:23:72:29 | req.url | a user-provided value |
| logInjectionBad.js:113:37:113:44 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:113:37:113:44 | username | Log entry depends on $@. | logInjectionBad.js:72:23:72:29 | req.url | a user-provided value |
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |
| logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |
| logInjectionBad.js:24:35:24:42 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:24:35:24:42 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |
| logInjectionBad.js:25:36:25:43 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:25:36:25:43 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |
| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |
| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:50:18:50:47 | colors. ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:50:18:50:47 | colors. ... ername) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:52:17:52:47 | underli ... name))) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:52:17:52:47 | underli ... name))) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:53:17:53:76 | highlig ... true}) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:53:17:53:76 | highlig ... true}) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | Log entry depends on a $@. | logInjectionBad.js:46:23:46:29 | req.url | user-provided value |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | Log entry depends on a $@. | logInjectionBad.js:63:23:63:29 | req.url | user-provided value |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:75:15:75:22 | username | Log entry depends on a $@. | logInjectionBad.js:72:23:72:29 | req.url | user-provided value |
| logInjectionBad.js:82:30:82:37 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:82:30:82:37 | username | Log entry depends on a $@. | logInjectionBad.js:72:23:72:29 | req.url | user-provided value |
| logInjectionBad.js:91:26:91:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:91:26:91:33 | username | Log entry depends on a $@. | logInjectionBad.js:72:23:72:29 | req.url | user-provided value |
| logInjectionBad.js:99:26:99:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:99:26:99:33 | username | Log entry depends on a $@. | logInjectionBad.js:72:23:72:29 | req.url | user-provided value |
| logInjectionBad.js:113:37:113:44 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:113:37:113:44 | username | Log entry depends on a $@. | logInjectionBad.js:72:23:72:29 | req.url | user-provided value |

16
javascript/ql/test/query-tests/Security/CWE-1275/SameSiteNoneCookie.expected
View File

@@ -1,8 +1,8 @@
| tst-sameSite.js:4:3:8:4 | Cookies ... OK\\n }) | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:20:3:25:4 | cookies ... OK\\n }) | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:38:19:43:4 | cookie. ... ",\\n }) | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:58:3:63:4 | res.coo ... OK\\n }) | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:76:3:82:4 | session ... OK\\n }) | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:98:3:106:4 | express ... },\\n }) | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:126:33:126:70 | "authKe ... Secure" | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:134:3:134:17 | document.cookie | Sensitive cookie with SameSite set to 'None' |
| tst-sameSite.js:4:3:8:4 | Cookies ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:20:3:25:4 | cookies ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:38:19:43:4 | cookie. ... ",\\n }) | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:58:3:63:4 | res.coo ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:76:3:82:4 | session ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:98:3:106:4 | express ... },\\n }) | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:126:33:126:70 | "authKe ... Secure" | Sensitive cookie with SameSite set to 'None'. |
| tst-sameSite.js:134:3:134:17 | document.cookie | Sensitive cookie with SameSite set to 'None'. |

40
javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected
View File

@@ -81,23 +81,23 @@ edges
| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format |
| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format |
#select
| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | Format string depends on $@. | tst.js:5:15:5:30 | req.query.format | a user-provided value |
| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | Format string depends on $@. | tst.js:6:26:6:41 | req.query.format | a user-provided value |
| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | Format string depends on $@. | tst.js:7:15:7:30 | req.query.format | a user-provided value |
| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | Format string depends on $@. | tst.js:8:17:8:32 | req.query.format | a user-provided value |
| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | Format string depends on $@. | tst.js:9:16:9:31 | req.query.format | a user-provided value |
| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | Format string depends on $@. | tst.js:10:12:10:27 | req.query.format | a user-provided value |
| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | Format string depends on $@. | tst.js:11:32:11:47 | req.query.format | a user-provided value |
| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | Format string depends on $@. | tst.js:12:21:12:36 | req.query.format | a user-provided value |
| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | Format string depends on $@. | tst.js:13:35:13:50 | req.query.format | a user-provided value |
| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | Format string depends on $@. | tst.js:14:29:14:44 | req.query.format | a user-provided value |
| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | Format string depends on $@. | tst.js:15:30:15:45 | req.query.format | a user-provided value |
| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | Format string depends on $@. | tst.js:16:26:16:41 | req.query.format | a user-provided value |
| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | Format string depends on $@. | tst.js:17:30:17:45 | req.query.format | a user-provided value |
| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | Format string depends on $@. | tst.js:18:38:18:53 | req.query.format | a user-provided value |
| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | Format string depends on $@. | tst.js:20:17:20:32 | req.query.format | a user-provided value |
| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | Format string depends on $@. | tst.js:21:16:21:31 | req.query.format | a user-provided value |
| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | Format string depends on $@. | tst.js:22:17:22:32 | req.query.format | a user-provided value |
| tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format | Format string depends on $@. | tst.js:24:25:24:40 | req.query.format | a user-provided value |
| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | Format string depends on $@. | tst.js:25:33:25:48 | req.query.format | a user-provided value |
| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | Format string depends on $@. | tst.js:26:34:26:49 | req.query.format | a user-provided value |
| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | Format string depends on a $@. | tst.js:5:15:5:30 | req.query.format | user-provided value |
| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | Format string depends on a $@. | tst.js:6:26:6:41 | req.query.format | user-provided value |
| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | Format string depends on a $@. | tst.js:7:15:7:30 | req.query.format | user-provided value |
| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | Format string depends on a $@. | tst.js:8:17:8:32 | req.query.format | user-provided value |
| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | Format string depends on a $@. | tst.js:9:16:9:31 | req.query.format | user-provided value |
| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | Format string depends on a $@. | tst.js:10:12:10:27 | req.query.format | user-provided value |
| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | Format string depends on a $@. | tst.js:11:32:11:47 | req.query.format | user-provided value |
| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | Format string depends on a $@. | tst.js:12:21:12:36 | req.query.format | user-provided value |
| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | Format string depends on a $@. | tst.js:13:35:13:50 | req.query.format | user-provided value |
| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | Format string depends on a $@. | tst.js:14:29:14:44 | req.query.format | user-provided value |
| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | Format string depends on a $@. | tst.js:15:30:15:45 | req.query.format | user-provided value |
| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | Format string depends on a $@. | tst.js:16:26:16:41 | req.query.format | user-provided value |
| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | Format string depends on a $@. | tst.js:17:30:17:45 | req.query.format | user-provided value |
| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | Format string depends on a $@. | tst.js:18:38:18:53 | req.query.format | user-provided value |
| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | Format string depends on a $@. | tst.js:20:17:20:32 | req.query.format | user-provided value |
| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | Format string depends on a $@. | tst.js:21:16:21:31 | req.query.format | user-provided value |
| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | Format string depends on a $@. | tst.js:22:17:22:32 | req.query.format | user-provided value |
| tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format | Format string depends on a $@. | tst.js:24:25:24:40 | req.query.format | user-provided value |
| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | Format string depends on a $@. | tst.js:25:33:25:48 | req.query.format | user-provided value |
| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | Format string depends on a $@. | tst.js:26:34:26:49 | req.query.format | user-provided value |

14
javascript/ql/test/query-tests/Security/CWE-178/CaseSensitiveMiddlewarePath.expected
View File

@@ -1,7 +1,7 @@
| tst.js:8:9:8:19 | /\\/foo\\/.*/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/FOO/1' will bypass the middleware. | tst.js:8:9:8:19 | /\\/foo\\/.*/ | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | here |
| tst.js:14:5:14:28 | new Reg ... (.*)?') | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/FOO/1' will bypass the middleware. | tst.js:14:5:14:28 | new Reg ... (.*)?') | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | here |
| tst.js:41:9:41:25 | /\\/foo\\/([0-9]+)/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/FOO/1' will bypass the middleware. | tst.js:41:9:41:25 | /\\/foo\\/([0-9]+)/ | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | here |
| tst.js:64:5:64:28 | new Reg ... (.*)?') | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/BAR/1' will bypass the middleware. | tst.js:64:5:64:28 | new Reg ... (.*)?') | pattern | tst.js:73:1:74:2 | app.get ... ware\\n}) | here |
| tst.js:76:9:76:20 | /\\/baz\\/bla/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/BAZ/BLA' will bypass the middleware. | tst.js:76:9:76:20 | /\\/baz\\/bla/ | pattern | tst.js:77:1:79:2 | app.get ... });\\n}) | here |
| tst.js:86:9:86:30 | /\\/[Bb] ... 3\\/[a]/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/BAZ3/A' will bypass the middleware. | tst.js:86:9:86:30 | /\\/[Bb] ... 3\\/[a]/ | pattern | tst.js:87:1:89:2 | app.get ... });\\n}) | here |
| tst.js:91:9:91:40 | /\\/summ ... ntGame/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/CURRENTGAME' will bypass the middleware. | tst.js:91:9:91:40 | /\\/summ ... ntGame/ | pattern | tst.js:93:1:95:2 | app.get ... O");\\n}) | here |
| tst.js:8:9:8:19 | /\\/foo\\/.*/ | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/FOO/1' will bypass the middleware. | tst.js:8:9:8:19 | /\\/foo\\/.*/ | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | case-insensitive path |
| tst.js:14:5:14:28 | new Reg ... (.*)?') | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/FOO/1' will bypass the middleware. | tst.js:14:5:14:28 | new Reg ... (.*)?') | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | case-insensitive path |
| tst.js:41:9:41:25 | /\\/foo\\/([0-9]+)/ | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/FOO/1' will bypass the middleware. | tst.js:41:9:41:25 | /\\/foo\\/([0-9]+)/ | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | case-insensitive path |
| tst.js:64:5:64:28 | new Reg ... (.*)?') | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/BAR/1' will bypass the middleware. | tst.js:64:5:64:28 | new Reg ... (.*)?') | pattern | tst.js:73:1:74:2 | app.get ... ware\\n}) | case-insensitive path |
| tst.js:76:9:76:20 | /\\/baz\\/bla/ | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/BAZ/BLA' will bypass the middleware. | tst.js:76:9:76:20 | /\\/baz\\/bla/ | pattern | tst.js:77:1:79:2 | app.get ... });\\n}) | case-insensitive path |
| tst.js:86:9:86:30 | /\\/[Bb] ... 3\\/[a]/ | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/BAZ3/A' will bypass the middleware. | tst.js:86:9:86:30 | /\\/[Bb] ... 3\\/[a]/ | pattern | tst.js:87:1:89:2 | app.get ... });\\n}) | case-insensitive path |
| tst.js:91:9:91:40 | /\\/summ ... ntGame/ | This route uses a case-sensitive path $@, but is guarding a $@. A path such as '/CURRENTGAME' will bypass the middleware. | tst.js:91:9:91:40 | /\\/summ ... ntGame/ | pattern | tst.js:93:1:95:2 | app.get ... O");\\n}) | case-insensitive path |

18
javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
View File

@@ -135,12 +135,12 @@ edges
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } |
| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content |
#select
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@ | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data |
| bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@ | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data |
| googlecompiler.js:38:18:38:26 | post_data | googlecompiler.js:44:54:44:57 | data | googlecompiler.js:38:18:38:26 | post_data | Outbound network request depends on $@ | googlecompiler.js:44:54:44:57 | data | file data |
| readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@ | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data |
| readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@ | readStreamRead.js:13:21:13:35 | readable.read() | file data |
| request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@ | request.js:28:52:28:55 | data | file data |
| request.js:16:11:23:3 | {\\n u ... ody\\n } | request.js:43:51:43:54 | data | request.js:16:11:23:3 | {\\n u ... ody\\n } | Outbound network request depends on $@ | request.js:43:51:43:54 | data | file data |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } | sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:14:20:19:9 | {\\n ... } | Outbound network request depends on $@ | sentAsHeaders.js:10:79:10:84 | buffer | file data |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } | sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:20:20:25:9 | {\\n ... } | Outbound network request depends on $@ | sentAsHeaders.js:10:79:10:84 | buffer | file data |
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@. | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data |
| bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data |
| googlecompiler.js:38:18:38:26 | post_data | googlecompiler.js:44:54:44:57 | data | googlecompiler.js:38:18:38:26 | post_data | Outbound network request depends on $@. | googlecompiler.js:44:54:44:57 | data | file data |
| readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data |
| readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@. | readStreamRead.js:13:21:13:35 | readable.read() | file data |
| request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@. | request.js:28:52:28:55 | data | file data |
| request.js:16:11:23:3 | {\\n u ... ody\\n } | request.js:43:51:43:54 | data | request.js:16:11:23:3 | {\\n u ... ody\\n } | Outbound network request depends on $@. | request.js:43:51:43:54 | data | file data |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } | sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:14:20:19:9 | {\\n ... } | Outbound network request depends on $@. | sentAsHeaders.js:10:79:10:84 | buffer | file data |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } | sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:20:20:25:9 | {\\n ... } | Outbound network request depends on $@. | sentAsHeaders.js:10:79:10:84 | buffer | file data |

6
javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
View File

@@ -29,6 +29,6 @@ edges
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
#select
| node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | $@ flows to this location and may be exposed to an external user. | node.js:8:10:8:12 | err | Stack trace information |
| tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | $@ flows to this location and may be exposed to an external user. | tst.js:6:12:6:12 | e | Stack trace information |
| tst.js:17:11:17:17 | e.stack | tst.js:6:12:6:12 | e | tst.js:17:11:17:17 | e.stack | $@ flows to this location and may be exposed to an external user. | tst.js:6:12:6:12 | e | Stack trace information |
| node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | This information exposed to the user depends on $@. | node.js:8:10:8:12 | err | stack trace information |
| tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information |
| tst.js:17:11:17:17 | e.stack | tst.js:6:12:6:12 | e | tst.js:17:11:17:17 | e.stack | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information |

6
javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected
View File

@@ -54,6 +54,6 @@ edges
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } |
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) |
#select
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | Sensitive data returned by $@ flows to this location and is stored in a build artifact. | build-leaks.js:5:35:5:45 | process.env | process environment |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | Sensitive data returned by $@ flows to this location and is stored in a build artifact. | build-leaks.js:15:24:15:34 | process.env | process environment |
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | Sensitive data returned by $@ flows to this location and is stored in a build artifact. | build-leaks.js:40:14:40:60 | url.par ... assword | an access to current_password |
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | This creates a build artifact that depends on $@. | build-leaks.js:40:14:40:60 | url.par ... assword | sensitive data returned byan access to current_password |

78
javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
View File

@@ -288,42 +288,42 @@ edges
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
#select
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | $@ is logged here. | passwords.js:2:17:2:24 | password | Sensitive data returned by an access to password |
| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | $@ is logged here. | passwords.js:3:17:3:26 | o.password | Sensitive data returned by an access to password |
| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | $@ is logged here. | passwords.js:4:17:4:29 | getPassword() | Sensitive data returned by a call to getPassword |
| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | $@ is logged here. | passwords.js:5:17:5:31 | o.getPassword() | Sensitive data returned by a call to getPassword |
| passwords.js:8:21:8:21 | x | passwords.js:10:11:10:18 | password | passwords.js:8:21:8:21 | x | $@ is logged here. | passwords.js:10:11:10:18 | password | Sensitive data returned by an access to password |
| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | $@ is logged here. | passwords.js:12:18:12:25 | password | Sensitive data returned by an access to password |
| passwords.js:14:17:14:38 | name + ... assword | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | $@ is logged here. | passwords.js:14:31:14:38 | password | Sensitive data returned by an access to password |
| passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | $@ is logged here. | passwords.js:16:29:16:36 | password | Sensitive data returned by an access to password |
| passwords.js:21:17:21:20 | obj1 | passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:21:17:21:20 | obj1 | $@ is logged here. | passwords.js:18:16:20:5 | {\\n ... x\\n } | Sensitive data returned by an access to password |
| passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | $@ is logged here. | passwords.js:24:12:24:19 | password | Sensitive data returned by an access to password |
| passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | $@ is logged here. | passwords.js:30:14:30:21 | password | Sensitive data returned by an access to password |
| passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | $@ is logged here. | passwords.js:77:37:77:53 | req.body.password | Sensitive data returned by an access to password |
| passwords.js:81:17:81:31 | `pw: ${secret}` | passwords.js:80:18:80:25 | password | passwords.js:81:17:81:31 | `pw: ${secret}` | $@ is logged here. | passwords.js:80:18:80:25 | password | Sensitive data returned by an access to password |
| passwords.js:93:21:93:46 | "Passwo ... assword | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | $@ is logged here. | passwords.js:93:39:93:46 | password | Sensitive data returned by an access to password |
| passwords.js:98:21:98:46 | "Passwo ... assword | passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | $@ is logged here. | passwords.js:98:39:98:46 | password | Sensitive data returned by an access to password |
| passwords.js:105:21:105:46 | "Passwo ... assword | passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | $@ is logged here. | passwords.js:105:39:105:46 | password | Sensitive data returned by an access to password |
| passwords.js:110:21:110:46 | "Passwo ... assword | passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | $@ is logged here. | passwords.js:110:39:110:46 | password | Sensitive data returned by an access to password |
| passwords.js:114:25:114:50 | "Passwo ... assword | passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | $@ is logged here. | passwords.js:114:43:114:50 | password | Sensitive data returned by an access to password |
| passwords.js:119:21:119:46 | "Passwo ... assword | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | $@ is logged here. | passwords.js:119:39:119:46 | password | Sensitive data returned by an access to password |
| passwords.js:122:17:122:49 | name + ... tring() | passwords.js:122:31:122:38 | password | passwords.js:122:17:122:49 | name + ... tring() | $@ is logged here. | passwords.js:122:31:122:38 | password | Sensitive data returned by an access to password |
| passwords.js:123:17:123:48 | name + ... lueOf() | passwords.js:123:31:123:38 | password | passwords.js:123:17:123:48 | name + ... lueOf() | $@ is logged here. | passwords.js:123:31:123:38 | password | Sensitive data returned by an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:135:17:135:22 | config | $@ is logged here. | passwords.js:127:18:132:5 | {\\n ... )\\n } | Sensitive data returned by an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:130:12:130:19 | password | passwords.js:135:17:135:22 | config | $@ is logged here. | passwords.js:130:12:130:19 | password | Sensitive data returned by an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | $@ is logged here. | passwords.js:131:12:131:24 | getPassword() | Sensitive data returned by a call to getPassword |
| passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | $@ is logged here. | passwords.js:130:12:130:19 | password | Sensitive data returned by an access to password |
| passwords.js:137:17:137:24 | config.y | passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | $@ is logged here. | passwords.js:131:12:131:24 | getPassword() | Sensitive data returned by a call to getPassword |
| passwords.js:142:26:142:34 | arguments | passwords.js:147:12:147:19 | password | passwords.js:142:26:142:34 | arguments | $@ is logged here. | passwords.js:147:12:147:19 | password | Sensitive data returned by an access to password |
| passwords.js:142:26:142:34 | arguments | passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | $@ is logged here. | passwords.js:150:21:150:31 | process.env | Sensitive data returned by process environment |
| passwords.js:142:26:142:34 | arguments | passwords.js:152:33:152:43 | process.env | passwords.js:142:26:142:34 | arguments | $@ is logged here. | passwords.js:152:33:152:43 | process.env | Sensitive data returned by process environment |
| passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | $@ is logged here. | passwords.js:156:17:156:27 | process.env | Sensitive data returned by process environment |
| passwords.js:163:14:163:41 | passwor ... g, "*") | passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | $@ is logged here. | passwords.js:163:14:163:21 | password | Sensitive data returned by an access to password |
| passwords.js:164:14:164:42 | passwor ... g, "*") | passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | $@ is logged here. | passwords.js:164:14:164:21 | password | Sensitive data returned by an access to password |
| passwords.js:169:17:169:45 | passwor ... g, "*") | passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | $@ is logged here. | passwords.js:169:17:169:24 | password | Sensitive data returned by an access to password |
| passwords.js:170:11:170:39 | passwor ... g, "*") | passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | $@ is logged here. | passwords.js:170:11:170:18 | password | Sensitive data returned by an access to password |
| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | $@ is logged here. | passwords_in_server_1.js:6:13:6:20 | password | Sensitive data returned by an access to password |
| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | $@ is logged here. | passwords_in_server_2.js:3:13:3:20 | password | Sensitive data returned by an access to password |
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | $@ is logged here. | passwords_in_server_3.js:2:13:2:20 | password | Sensitive data returned by an access to password |
| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | $@ is logged here. | passwords_in_server_4.js:2:13:2:20 | password | Sensitive data returned by an access to password |
| passwords_in_server_5.js:8:17:8:17 | x | passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:8:17:8:17 | x | $@ is logged here. | passwords_in_server_5.js:4:7:4:24 | req.query.password | Sensitive data returned by an access to password |
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:2:17:2:24 | password | an access to password |
| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | This logs sensitive data returned by $@ as clear text. | passwords.js:3:17:3:26 | o.password | an access to password |
| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | This logs sensitive data returned by $@ as clear text. | passwords.js:4:17:4:29 | getPassword() | a call to getPassword |
| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | This logs sensitive data returned by $@ as clear text. | passwords.js:5:17:5:31 | o.getPassword() | a call to getPassword |
| passwords.js:8:21:8:21 | x | passwords.js:10:11:10:18 | password | passwords.js:8:21:8:21 | x | This logs sensitive data returned by $@ as clear text. | passwords.js:10:11:10:18 | password | an access to password |
| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:12:18:12:25 | password | an access to password |
| passwords.js:14:17:14:38 | name + ... assword | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:14:31:14:38 | password | an access to password |
| passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password |
| passwords.js:21:17:21:20 | obj1 | passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:18:16:20:5 | {\\n ... x\\n } | an access to password |
| passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password |
| passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | This logs sensitive data returned by $@ as clear text. | passwords.js:30:14:30:21 | password | an access to password |
| passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:77:37:77:53 | req.body.password | an access to password |
| passwords.js:81:17:81:31 | `pw: ${secret}` | passwords.js:80:18:80:25 | password | passwords.js:81:17:81:31 | `pw: ${secret}` | This logs sensitive data returned by $@ as clear text. | passwords.js:80:18:80:25 | password | an access to password |
| passwords.js:93:21:93:46 | "Passwo ... assword | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:93:39:93:46 | password | an access to password |
| passwords.js:98:21:98:46 | "Passwo ... assword | passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:98:39:98:46 | password | an access to password |
| passwords.js:105:21:105:46 | "Passwo ... assword | passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:105:39:105:46 | password | an access to password |
| passwords.js:110:21:110:46 | "Passwo ... assword | passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:110:39:110:46 | password | an access to password |
| passwords.js:114:25:114:50 | "Passwo ... assword | passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:114:43:114:50 | password | an access to password |
| passwords.js:119:21:119:46 | "Passwo ... assword | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:119:39:119:46 | password | an access to password |
| passwords.js:122:17:122:49 | name + ... tring() | passwords.js:122:31:122:38 | password | passwords.js:122:17:122:49 | name + ... tring() | This logs sensitive data returned by $@ as clear text. | passwords.js:122:31:122:38 | password | an access to password |
| passwords.js:123:17:123:48 | name + ... lueOf() | passwords.js:123:31:123:38 | password | passwords.js:123:17:123:48 | name + ... lueOf() | This logs sensitive data returned by $@ as clear text. | passwords.js:123:31:123:38 | password | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:127:18:132:5 | {\\n ... )\\n } | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:130:12:130:19 | password | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword |
| passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password |
| passwords.js:137:17:137:24 | config.y | passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | This logs sensitive data returned by $@ as clear text. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword |
| passwords.js:142:26:142:34 | arguments | passwords.js:147:12:147:19 | password | passwords.js:142:26:142:34 | arguments | This logs sensitive data returned by $@ as clear text. | passwords.js:147:12:147:19 | password | an access to password |
| passwords.js:142:26:142:34 | arguments | passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | This logs sensitive data returned by $@ as clear text. | passwords.js:150:21:150:31 | process.env | process environment |
| passwords.js:142:26:142:34 | arguments | passwords.js:152:33:152:43 | process.env | passwords.js:142:26:142:34 | arguments | This logs sensitive data returned by $@ as clear text. | passwords.js:152:33:152:43 | process.env | process environment |
| passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | This logs sensitive data returned by $@ as clear text. | passwords.js:156:17:156:27 | process.env | process environment |
| passwords.js:163:14:163:41 | passwor ... g, "*") | passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:163:14:163:21 | password | an access to password |
| passwords.js:164:14:164:42 | passwor ... g, "*") | passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:164:14:164:21 | password | an access to password |
| passwords.js:169:17:169:45 | passwor ... g, "*") | passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:169:17:169:24 | password | an access to password |
| passwords.js:170:11:170:39 | passwor ... g, "*") | passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:170:11:170:18 | password | an access to password |
| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_1.js:6:13:6:20 | password | an access to password |
| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_2.js:3:13:3:20 | password | an access to password |
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_3.js:2:13:2:20 | password | an access to password |
| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_4.js:2:13:2:20 | password | an access to password |
| passwords_in_server_5.js:8:17:8:17 | x | passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:8:17:8:17 | x | This logs sensitive data returned by $@ as clear text. | passwords_in_server_5.js:4:7:4:24 | req.query.password | an access to password |

Some files were not shown because too many files have changed in this diff Show More