Compare commits


108 Commits

Author SHA1 Message Date
Jean Helie
998ce38584 fix RequestForgeryConfig access 2023-04-20 16:02:10 +02:00
tiferet
69974611f9 Add read-file MaD sinks as known tainted path sinks. 2023-04-20 15:45:53 +02:00
tiferet
7fa039468c Update automodel code after the Java config revamp 2023-04-20 15:45:53 +02:00
tiferet
c35e9391ed Update TaintedPathConfig after rebase on main 2023-04-20 15:45:53 +02:00
tiferet
906b922a1c Delete unneeded imports 2023-04-20 15:45:53 +02:00
tiferet
5dcee41e65 Extract a higher percent of negative examples because some of the kinds are relatively rare. 2023-04-20 15:45:53 +02:00
tiferet
4176fefe19 Add a new sink type: command-injection 2023-04-20 15:45:53 +02:00
tiferet
e71fd1691d Add a filter that excludes an endpoint if it is unexploitable because it's a call to exists or notExists. 2023-04-20 15:45:53 +02:00
tiferet
9dae594c01 Remove last vestiges of flow from source from the query that extracts sink candidates. 2023-04-20 15:45:53 +02:00
tiferet
49d17f9964 The string of each NotASinkCharacteristic should be a clear explanation of why such endpoints are not interesting, and this should be the message exported to the sarif. 2023-04-20 15:45:53 +02:00
tiferet
a1e0f625f6 Add a subclass of EndpointCharacteristics that surfaces sinks rather than negative examples. Make all the existing ones inherit from this one. 2023-04-20 15:45:52 +02:00
tiferet
0dcd2b8765 Add a negative characteristic that filters out calls to undocumented methods in undocumented classes inside the current DB. 2023-04-20 15:45:52 +02:00
tiferet
3df95904c8 Break up hasMetadata into one predicate that extracts information and another that concatenates it into a string of the needed format, so that we can reuse the information-extraction predicate for other purposes. 2023-04-20 15:45:52 +02:00
tiferet
45058e2954 Another small fix to the syntax of the extracted MaD declarations. 2023-04-20 15:45:52 +02:00
tiferet
8c02838c38 Add a negative characteristic that filters out calls for which the package the call originates from and the package where the callee is defined are the same up to at least three levels, and the callee package is at least four levels deep. 2023-04-20 15:45:52 +02:00
tiferet
0ab09de797 Add a negative characteristic that filters out non-public methods. 2023-04-20 15:45:52 +02:00
tiferet
f715e2f58d Add a class of filters indicating not necessarily that an endpoint is not a sink, but rather that it’s not a sink that’s interesting to model in the standard Java libraries. 2023-04-20 15:45:52 +02:00
tiferet
20b0fc7b2c Remove IsConstantExpressionCharacteristic, because the value passed into the argument has nothing to do with whether or not that argument is a sink. 2023-04-20 15:45:52 +02:00
tiferet
17a6c992e7 Add a filter that excludes an endpoint if it is unexploitable. 2023-04-20 15:45:52 +02:00
tiferet
2ab175e603 Add a filter that excludes an endpoint if it's a non-sink argument to a method whose sinks have already been modeled. 2023-04-20 15:45:51 +02:00
tiferet
4ea3887c6c Promote NeutralModelCharacteristic from LikelyNotASinkCharacteristic to NotASinkCharacteristic. 2023-04-20 15:45:51 +02:00
tiferet
9ffd984677 Fixes to the syntax of the extracted MaD declarations. 2023-04-20 15:45:51 +02:00
tiferet
fbc9f4090e Downgrade CreatePathSinkCharacteristic to medium confidence. 2023-04-20 15:45:51 +02:00
tiferet
77f85b3a0d Add a negative characteristic that indicates that an endpoint was manually modeled as a neutral model. 2023-04-20 15:45:51 +02:00
tiferet
ddadc273a3 Add an endpoint filter that indicates that an endpoint is not a to node for any known taint step. Such a node cannot be tainted, because taint can't flow into it. 2023-04-20 15:45:51 +02:00
tiferet
9685963b1c Add an endpoint filter to filter out MaD-modeled taint steps.
This filter currently has some overlap with `CreatePathSinkCharacteristic`. We add a flag to `erroneousEndpoints` such that these known modeling errors can optionally be ignored.

We turn the flag off when extracting prompt examples, to ensure the prompt contains only examples we're highly certain about.

If there are errors even with this flag turned on, we return an error message in the query that extracts positive examples, to prevent us from accidentally running it when there's a codex-generated data extension file in `java/ql/lib/ext`.
2023-04-20 15:45:51 +02:00
tiferet
3fe67d9b86 Cleanup of EndpointCharacteristics, to get rid of historical naming such as "endpoint filters" and of classes that are used nowhere. 2023-04-20 15:45:51 +02:00
tiferet
1cf2769358 Rename AtmConfig to AtmConfigs and fix some imports. 2023-04-20 15:45:51 +02:00
tiferet
e9846c59a7 Rename isEffectiveSink to isSinkCandidate 2023-04-20 15:45:51 +02:00
tiferet
1e80a556ae Replace EndpointType with either SinkType or SourceType wherever possible. 2023-04-20 15:45:50 +02:00
tiferet
68c6b59fca Simplify AtmConfig:
- We no longer create new configs for each query we want to boost with ATM.
- Instead the `AtmConfig` module imports the configs for the Java queries it can and copies the configs for the ones that are defined in a ql file.
- The predicates that used to be defined in the `AtmConfig` class are now defined either in candidate extraction query or(in the case of `isKnownSink` which is used in more than one file) in `EndpointCharacteristic.qll`.
- Delete all the derived classes of AtmConfig.
- Surface all candidates that pass the endpoint filters, regardless of flow from a source.
2023-04-20 15:45:50 +02:00
tiferet
483cd5f795 EndpointType.getKind is final and just returns this. The name of the endpoint type is its MaD kind. Human-readable descriptions of these kinds are encoded only in Python, not in CodeQL. 2023-04-20 15:45:50 +02:00
tiferet
2c941a16e1 Get rid of EndpointType.getDescription 2023-04-20 15:45:50 +02:00
tiferet
1525c67fee Delete some commented out code that was copied directly from JS 2023-04-20 15:45:50 +02:00
tiferet
9205992bd7 Delete EndpointType.getEncoding, which is not needed anywhere.
If we need this down the line for model training, we can add it back in then.
2023-04-20 15:45:50 +02:00
tiferet
7a3f44b754 Delete EndpointType.getEncoding, which is not needed anywhere.
If we need this down the line for model training, we can add it back in then.
2023-04-20 15:45:50 +02:00
tiferet
68aef3a791 Improve EndpointTypes:
- Create two derived classes for EndpointType: SinkType and SourceType.
- EndpointTypes don't use a `newtype`, but rather extend string, with their characteristic predicate replacing the current getDescription predicate.
2023-04-20 15:45:50 +02:00
tiferet
2b8bc24bb2 List the MaD provenance as "ai-generated" rather than "manual"
See https://github.com/github/codeql/pull/12228
2023-04-20 15:45:50 +02:00
tiferet
794fb8995e Improve positive prompt examples:
Include only sinks that are arguments to an external API call, because these are the sinks we are most interested in.
2023-04-20 15:45:49 +02:00
tiferet
ca32281f65 Remove IsMaDTaintStepCharacteristic for now because it's catching all our known sinks as well as taint steps 2023-04-20 15:45:49 +02:00
tiferet
7cc2830768 Add endpoint filters:
- Filter out MaD taint steps
2023-04-20 15:45:49 +02:00
tiferet
878759e87a Remove redundancy from ExceptionCharacteristic 2023-04-20 15:45:49 +02:00
tiferet
c71217ed5b Add endpoint filters:
- Filter out exceptions
- Filter out endpoints in test files
2023-04-20 15:45:49 +02:00
tiferet
27b7bbc7fd As part of the metadata extraction predicate, surface whether or not the argument is being passed to an external API 2023-04-20 15:45:49 +02:00
tiferet
70ab280fce Switch back to one sink type per supported query, rather than existing MaD kinds. 2023-04-20 15:45:49 +02:00
tiferet
9b1f3ff026 Small bug fix for handling queries with multiple sink types:
`getAReasonSinkExcluded` excludes endpoints that have a characteristic that implies they're not sinks for this particular sink type _for every sink type relevant to this query_.
2023-04-20 15:45:49 +02:00
tiferet
3e728a7789 Fix a bug that allowed some known sinks to end up as sink candidates for codex 2023-04-20 15:45:49 +02:00
tiferet
0f92be72b6 In the MaD data, set the subtypes field to false for final classes / methods. 2023-04-20 15:45:49 +02:00
tiferet
750ae23a79 Create a new class other sink:
See https://github.com/github/atm-codex/pull/3

- Add a sink type `OtherMaDSinkType`, and corresponding characteristic `OtherMaDSinkCharacteristic`, for other sinks modeled by a MaD `kind` but not belonging to any of the existing sink types.
- Extract positive prompt examples for the new sink type, together with the corresponding MaD `kind`.
2023-04-20 15:45:49 +02:00
tiferet
9eda07a549 Bug fix 2023-04-20 15:45:48 +02:00
tiferet
29ba00404b In the MaD data, extract the argument index as an int rather than a string wrapped up in "Argument[]" 2023-04-20 15:45:48 +02:00
tiferet
cf4befd670 Fix the MaD signature to the correct format 2023-04-20 15:45:48 +02:00
tiferet
9f74dc17fa Separate out the sink types to align with the MaD kinds that currently exist, adding a sink type for all sinks of a given query that are not currently mapped in the MaD kinds. 2023-04-20 15:45:48 +02:00
tiferet
6cf81b80cc Add support for multiple sink types per query 2023-04-20 15:45:48 +02:00
tiferet
8c56e9f7bd As part of the metadata extraction predicate, surface whether or not the callee is a public method 2023-04-20 15:45:48 +02:00
tiferet
cf4b461c77 Refactor the CodeQL code that extracts metadata for methods presented to Codex, to make it easy to add another field 2023-04-20 15:45:48 +02:00
tiferet
10faf9ae3f Refactor the CodeQL code that extracts metadata for methods presented to Codex, to make it easy to add another field 2023-04-20 15:45:48 +02:00
tiferet
c5e436b4c6 Make the endpoint filter to filter out flow steps in Java a bit broader, and document it 2023-04-20 15:45:48 +02:00
tiferet
d3b222988e Add an endpoint filter to filter out flow steps 2023-04-20 15:45:48 +02:00
tiferet
3993ea9966 When extracting positive and negative examples for the Java prompt, extract the data used in the MaD extensible predicate.
This will enable the codex prompt to optionally use this data in additional columns.
2023-04-20 15:45:47 +02:00
tiferet
63f53eac98 Resolve two TODO items 2023-04-20 15:45:47 +02:00
tiferet
afed4a058d Exclude negative examples that are type access nodes.
These will never be on a flow path so they're not useful negative examples.
2023-04-20 15:45:47 +02:00
tiferet
8e4882955a Increase diversity of negative prompt examples by creating finer sub-types 2023-04-20 15:45:47 +02:00
tiferet
467f648ea6 If a node satisfies the logic for both isSink and isSanitizer, don't include it as a positive or negative example in the prompt, because it's too ambiguous and will confuse the model. 2023-04-20 15:45:47 +02:00
tiferet
3009249ba9 Simplify the definition of ExtractPositiveExamples.ql 2023-04-20 15:45:47 +02:00
tiferet
627d5f4f8c Avoid accidentally extracting positive prompt examples when there is a codex-generated data extension file in java/ql/lib/ext 2023-04-20 15:45:47 +02:00
tiferet
436b790dc1 Add a predicate that finds endpoints with logically-inconsistent characteristics, and exclude such endpoints from both positive and negative examples extracted for the codex prompt. 2023-04-20 15:45:47 +02:00
tiferet
3d4e615361 Fix codeql-pack.lock.yml so it's not looking for an ML model 2023-04-20 15:45:47 +02:00
tiferet
193ad2345c Typo fix 2023-04-20 15:45:47 +02:00
tiferet
dd82838d7a Delete TODO items that are done 2023-04-20 15:45:46 +02:00
tiferet
3bc1ace37d Have each EndpointType keep track of the sink/source kind for this endpoint type as used in Models as Data 2023-04-20 15:45:46 +02:00
tiferet
4d3bcb9d61 Fix the extraction of data for the data extension YML file. 2023-04-20 15:45:46 +02:00
tiferet
51973db0f3 Add data needed for the data extension YML file to ExtractSinkCandidatesWithFlow.ql: first pass. 2023-04-20 15:45:46 +02:00
tiferet
cffae3b441 Small update to SafeExternalApiMethodCharacteristic 2023-04-20 15:45:46 +02:00
tiferet
464e950166 Improvements to ExtractSinkCandidatesWithFlow.ql 2023-04-20 15:45:46 +02:00
tiferet
3032a00a0a Minor improvement 2023-04-20 15:45:46 +02:00
tiferet
d37b5f9e1e Improvements to ExtractSinkCandidatesWithFlow.ql 2023-04-20 15:45:46 +02:00
tiferet
8bd932cc82 Delete the queries the Java team isn't currently interested in boosting 2023-04-20 15:45:46 +02:00
tiferet
6f7109000f Move isFlowLikelyInBaseQuery to the ATMConfig and delete AdaptiveThreatModeling.qll 2023-04-20 15:45:46 +02:00
tiferet
fdb8e94d23 Rename request forgery sink to server-side request forgery sink 2023-04-20 15:45:45 +02:00
tiferet
26daa1abb5 Add an implementation of request forgery sinks and corresponding positive EndpointCharacteristic in Java 2023-04-20 15:45:45 +02:00
tiferet
385d5cf50c Bug fixes 2023-04-20 15:45:45 +02:00
tiferet
2e1d733b0c Add an implementation of TaintedPathATM.qll and corresponding positive EndpointCharacteristic in Java 2023-04-20 15:45:45 +02:00
tiferet
fcace2a82b Subsample negative examples to 1% to prevent huge numbers. 2023-04-20 15:45:45 +02:00
tiferet
8643d9b4bb Add a Java NotASinkCharacteristic safe external API method 2023-04-20 15:45:45 +02:00
tiferet
b530d4f440 Add queries to surface high-confidence Java sinks and non-sinks to use as examples in the codex prompt. 2023-04-20 15:45:45 +02:00
tiferet
b5f6b98706 Rewrite ExtractSinkCandidatesWithFlow.ql as a problem query so we can run it with codeql database analyze to output SARIF results. 2023-04-20 15:45:45 +02:00
tiferet
dccddd6a93 Add a couple of endpoint filters for Java 2023-04-20 15:45:45 +02:00
tiferet
488763cc3d Try implementing SqlInjectionATM.qll in Java 2023-04-20 15:45:45 +02:00
tiferet
c3e7161741 Start making the additions needed to surface candidate Java sinks for codex classification outside the evaluator. 2023-04-20 15:45:45 +02:00
tiferet
5bc08bad54 Go back to the prompt of https://github.com/github/codeql-dca-main/issues/9475 2023-04-20 15:45:44 +02:00
tiferet
b11fc6005f Give more explicit instructions in the codex prompt, but don't solicit rare sink types. 2023-04-20 15:45:44 +02:00
tiferet
3fde31e3cf Give more explicit instructions in the codex prompt. 2023-04-20 15:45:44 +02:00
tiferet
097a1989ed Minor prompt improvements:
- Tell codex explicitly that this is JavaScript code
- Replace "Dataflow node" with "Code snippet"
2023-04-20 15:45:44 +02:00
tiferet
6510c73e04 Minor prompt improvements:
Remove spaces that break the code syntax or make for strange code styling.
2023-04-20 15:45:44 +02:00
tiferet
fd17990583 In-line predicates that are costing a lot of compute time 2023-04-20 15:45:44 +02:00
tiferet
0e5a3a427a Add a test that can be used to determine the alerts codex will surface for each query. 2023-04-20 15:45:44 +02:00
tiferet
1c472a0f4a Bug fixes for things that interfere with using the codex model 2023-04-20 15:45:44 +02:00
tiferet
d9f174ee36 Add a test that can be used to determine how well codex reproduces the manual modeling for each sink type. 2023-04-20 15:45:44 +02:00
tiferet
d3882552b6 Fix endpointScores 2023-04-20 15:45:44 +02:00
tiferet
77c2429269 Bug fix in selecting a node's location:
Locations only exist where there are locatable structures in the DB. Thus, select the largest location that contains the node and at most `neighborhoodSize` lines before and after the node.
2023-04-20 15:45:43 +02:00
tiferet
81119f4ba1 Give endpoint types more intuitive names and then use those names directly in composing the codex prompt. 2023-04-20 15:45:43 +02:00
tiferet
b8942cd775 Further improve the structure of endpoint scoring 2023-04-20 15:45:43 +02:00
tiferet
e1f639acc5 Remove tokens from the prompt that the Java side can't handle 2023-04-20 15:45:43 +02:00
tiferet
2bb034418a Change the prompt to use sink names defined in EndpointType 2023-04-20 15:45:43 +02:00
tiferet
f32401a9c8 Improve the structure of endpoint scoring 2023-04-20 15:45:43 +02:00
tiferet
8b5b7af99b Pull in the prompt work from branch tiferet/codex-prompt 2023-04-20 15:45:43 +02:00
tiferet
14c5efc9d0 Merge in aeisenberg/atm-codex 2023-04-20 15:45:43 +02:00
21 changed files with 1929 additions and 27 deletions


@@ -8,16 +8,16 @@ provide:
- "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
- "go/ql/config/legacy-support/qlpack.yml"
- "go/build/codeql-extractor-go/codeql-extractor.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
- "*/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
# This pack is explicitly excluded from the workspace since most users
# will want to use a version of this pack from the package cache. Internal
# users can uncomment the following line and place a custom ML model
# in the corresponding pack to test a custom ML model within their local
# checkout.
# - "javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/test/qlpack.yml"
# - "*/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
- "*/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
- "*/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
- "*/ql/experimental/adaptivethreatmodeling/test/qlpack.yml"
- "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
- "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
- "csharp/ql/campaigns/Solorigate/test/qlpack.yml"
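Review bot: the comment block starting "# This pack is explicitly excluded from the workspace" still speaks of a single pack and of a `javascript` checkout, while the entry it describes is now the glob `# - "*/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"`, which covers the `model` pack of every language directory. Update the comment to say that the model packs for all languages are excluded, so whoever uncomments the glob knows it enables every language's model pack at once rather than only the JavaScript one.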


@@ -65,6 +65,7 @@ class Location extends @location {
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
pragma[inline]
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
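Review bot: `pragma[inline]` is added to `hasLocationInfo` with no comment explaining it, and this predicate lives in the shared `Location` class that every Java query goes through, so the change affects evaluation of all of them, not only the adaptive threat modeling queries this branch is about. Add a short comment next to the pragma giving the reason (the commit message cites compute time) and the measurement that motivated it, so the pragma is neither removed nor copied elsewhere later without a way to re-check the effect.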


@@ -0,0 +1,34 @@
/**
* For internal use only.
*
* Defines predicates that carry out checks over all queries that are currently supported.
*
* NOTE: Must import the query configurations of all queries that are supported by AI modeling.
*/
private import semmle.code.java.dataflow.TaintTracking
/* Configurations of supported queries */
import semmle.code.java.security.RequestForgeryConfig
import semmle.code.java.security.SqlInjectionQuery
import semmle.code.java.security.CommandLineQuery
import semmle.code.java.security.TaintedPathQuery
/**
* Holds if `sanitizer` is a sanitizer for any of the supported queries.
*/
predicate isBarrier(DataFlow::Node sanitizer) {
RequestForgeryConfig::isBarrier(sanitizer) or
QueryInjectionFlowConfig::isBarrier(sanitizer) or
RemoteUserInputToArgumentToExecFlowConfig::isBarrier(sanitizer) or
TaintedPathConfig::isBarrier(sanitizer)
}
/**
* Holds if `n1` to `n2` is an additional flow step for any of the supported queries.
*/
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
RequestForgeryConfig::isAdditionalFlowStep(n1, n2) or
QueryInjectionFlowConfig::isAdditionalFlowStep(n1, n2) or
RemoteUserInputToArgumentToExecFlowConfig::isAdditionalFlowStep(n1, n2) or
TaintedPathConfig::isAdditionalFlowStep(n1, n2)
}
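Review bot: the four query-configuration imports (`semmle.code.java.security.RequestForgeryConfig` through `semmle.code.java.security.TaintedPathQuery`) are public while `semmle.code.java.dataflow.TaintTracking` is imported privately, so every module that imports this file also transitively re-exports those four configurations and the classes they declare. Unless that re-export is intended, make them `private import` as well. The NOTE in the header also asks that the configurations of all supported queries be imported, but a new query additionally has to be added by hand to both `isBarrier` and `isAdditionalFlowStep`; a comment listing those three places (or a test that fails when the lists disagree) would keep them in sync.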


@@ -0,0 +1,755 @@
/**
* For internal use only.
*/
private import java as java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.PathCreation
private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import experimental.adaptivethreatmodeling.EndpointTypes
private import experimental.adaptivethreatmodeling.ATMConfigs as ATMConfigs
private import semmle.code.java.security.ExternalAPIs as ExternalAPIs
private import semmle.code.java.Expr as Expr
/*
* Predicates that are used to surface prompt examples and candidates for classification with an ML model.
*/
/**
* Holds if `sink` is a known sink of type `sinkType`.
*/
predicate isKnownSink(DataFlow::Node sink, SinkType sinkType) {
// If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a
// known sink for the class.
sinkType != any(NegativeSinkType negative) and
exists(EndpointCharacteristic characteristic |
characteristic.appliesToEndpoint(sink) and
characteristic.hasImplications(sinkType, true, characteristic.maximalConfidence())
)
}
/**
* Holds if the given endpoint has a self-contradictory combination of characteristics. Detects errors in our endpoint
* characteristics. Lists the problematic characterisitics and their implications for all such endpoints, together with
* an error message indicating why this combination is problematic.
*
* Copied from javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.ql
*/
predicate erroneousEndpoints(
DataFlow::Node endpoint, EndpointCharacteristic characteristic, EndpointType endpointClass,
float confidence, string errorMessage, boolean ignoreKnownModelingErrors
) {
// An endpoint's characteristics should not include positive indicators with medium/high confidence for more than one
// sink/source type (including the negative type).
exists(EndpointCharacteristic characteristic2, EndpointType endpointClass2, float confidence2 |
endpointClass != endpointClass2 and
(
endpointClass instanceof SinkType and endpointClass2 instanceof SinkType
or
endpointClass instanceof SourceType and endpointClass2 instanceof SourceType
) and
characteristic.appliesToEndpoint(endpoint) and
characteristic2.appliesToEndpoint(endpoint) and
characteristic.hasImplications(endpointClass, true, confidence) and
characteristic2.hasImplications(endpointClass2, true, confidence2) and
confidence > characteristic.mediumConfidence() and
confidence2 > characteristic2.mediumConfidence() and
// It's valid for a node to satisfy the logic for both `isSink` and `isSanitizer`, but in that case it will be
// treated by the actual query as a sanitizer, since the final logic is something like
// `isSink(n) and not isSanitizer(n)`.
not (
characteristic instanceof IsSanitizerCharacteristic or
characteristic2 instanceof IsSanitizerCharacteristic
) and
(
ignoreKnownModelingErrors = true and
not knownOverlappingCharacteristics(characteristic, characteristic2)
or
ignoreKnownModelingErrors = false
)
) and
errorMessage = "Endpoint has high-confidence positive indicators for multiple classes"
or
// An enpoint's characteristics should not include positive indicators with medium/high confidence for some class and
// also include negative indicators with medium/high confidence for this same class.
exists(EndpointCharacteristic characteristic2, float confidence2 |
characteristic.appliesToEndpoint(endpoint) and
characteristic2.appliesToEndpoint(endpoint) and
characteristic.hasImplications(endpointClass, true, confidence) and
characteristic2.hasImplications(endpointClass, false, confidence2) and
confidence > characteristic.mediumConfidence() and
confidence2 > characteristic2.mediumConfidence()
) and
ignoreKnownModelingErrors = false and
errorMessage = "Endpoint has high-confidence positive and negative indicators for the same class"
}
predicate erroneousConfidences(
EndpointCharacteristic characteristic, float confidence, string errorMessage
) {
characteristic.hasImplications(_, _, confidence) and
(confidence < 0 or confidence > 1) and
errorMessage = "Characteristic has an indicator with confidence outside of [0, 1]"
}
// /**
// * Holds if `characteristic1` and `characteristic2` are among the pairs of currently known positive characteristics that
// * have some overlap in their known sinks (always for the same query type). This is not necessarily a problem, because
// * both characteristics belong to the same query.
// */
// private predicate knownOverlappingCharacteristics(
// EndpointCharacteristic characteristic1,
// EndpointCharacteristic characteristic2
// ) {
// characteristic1 != characteristic2 and
// characteristic1 = ["file creation sink", "other path injection sink"] and
// characteristic2 = ["file creation sink", "other path injection sink"]
// }
/**
* Holds if `characteristic1` and `characteristic2` are among the pairs of currently known positive characteristics that
* have some overlap in their results. This indicates a problem with the underlying Java modeling. Specificatlly,
* `PathCreation` is prone to FPs.
*/
private predicate knownOverlappingCharacteristics(
EndpointCharacteristic characteristic1, EndpointCharacteristic characteristic2
) {
characteristic1 != characteristic2 and
characteristic1 = ["mad taint step", "create path"] and
characteristic2 = ["mad taint step", "create path"]
}
predicate isTypeAccess(DataFlow::Node n) { n.asExpr() instanceof TypeAccess }
/**
* Holds if `n` has the given metadata.
*
* This is a helper function to extract and export needed information about each endpoint in the sink candidate query as
* well as the queries that exatract positive and negative examples for the prompt / training set. The metadata is
* extracted as a string in the format of a Python dictionary.
*/
predicate hasMetadata(DataFlow::Node n, string metadata) {
exists(
string package, string type, boolean subtypes, string name, string signature, string ext,
int input, string provenance, boolean isPublic, boolean isExternalApiDataNode, boolean isFinal
|
hasMetadata(n, package, type, name, signature, input, isFinal, isPublic, isExternalApiDataNode) and
(if isFinal = true then subtypes = false else subtypes = true) and
ext = "" and // see https://github.slack.com/archives/CP9127VUK/p1673979477496069
provenance = "ai-generated" and
metadata =
"{'Package': '" + package + "', 'Type': '" + type + "', 'Subtypes': " + subtypes +
", 'Name': '" + name + "', 'Signature': '" + signature + "', 'Ext': '" + ext +
"', 'Argument index': " + input + ", 'Provenance': '" + provenance + "', 'Is public': " +
isPublic + ", 'Is passed to external API': " + isExternalApiDataNode + "}" // TODO: Why are the curly braces added twice?
)
}
/**
* Holds if `n` has the given metadata.
*
* This is a helper function to extract and export needed information about each endpoint.
*/
predicate hasMetadata(
DataFlow::Node n, string package, string type, string name, string signature, int input,
boolean isFinal, boolean isPublic, boolean isExternalApiDataNode
) {
exists(Callable callee, Call call |
n.asExpr() = call.getArgument(input) and
callee = call.getCallee() and
package = callee.getDeclaringType().getPackage().getName() and
type = callee.getDeclaringType().getErasure().(RefType).nestedName() and
(
if callee.isFinal() or callee.getDeclaringType().isFinal()
then isFinal = true
else isFinal = false
) and
name = callee.getSourceDeclaration().getName() and
signature = paramsString(callee) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)?
(if callee.isPublic() then isPublic = true else isPublic = false) and
(
if n instanceof ExternalAPIs::ExternalApiDataNode
then isExternalApiDataNode = true
else isExternalApiDataNode = false
)
)
}
/*
* EndpointCharacteristic classes.
*/
/**
* A set of characteristics that a particular endpoint might have. This set of characteristics is used to make decisions
* about whether to include the endpoint in the training set and with what label, as well as whether to score the
* endpoint at inference time.
*/
abstract class EndpointCharacteristic extends string {
/**
* Holds when the string matches the name of the characteristic, which should describe some characteristic of the
* endpoint that is meaningful for determining whether it's a sink and if so of which type
*/
bindingset[this]
EndpointCharacteristic() { any() }
/**
* Holds for endpoints that have this characteristic. This predicate contains the logic that applies characteristics
* to the appropriate set of dataflow nodes.
*/
abstract predicate appliesToEndpoint(DataFlow::Node n);
/**
* This predicate describes what the characteristic tells us about an endpoint.
*
* Params:
* endpointClass: The sink/source type.
* isPositiveIndicator: If true, this characteristic indicates that this endpoint _is_ a member of the class; if
* false, it indicates that it _isn't_ a member of the class.
* confidence: A float in [0, 1], which tells us how strong an indicator this characteristic is for the endpoint
* belonging / not belonging to the given class. A confidence near zero means this characteristic is a very weak
* indicator of whether or not the endpoint belongs to the class. A confidence of 1 means that all endpoints with
* this characteristic definitively do/don't belong to the class.
*/
abstract predicate hasImplications(
EndpointType endpointClass, boolean isPositiveIndicator, float confidence
);
/** Indicators with confidence at or above this threshold are considered to be high-confidence indicators. */
final float getHighConfidenceThreshold() { result = 0.8 }
// The following are some confidence values that are used in practice by the subclasses. They are defined as named
// constants here to make it easier to change them in the future.
final float maximalConfidence() { result = 1.0 }
final float highConfidence() { result = 0.9 }
final float mediumConfidence() { result = 0.6 }
}
/*
* Characteristics that are indicative of being a sink of some particular type.
*/
/**
* A high-confidence characteristic that indicates that an endpoint is a sink of a specified type. These endpoints can
* be used as positive samples for training or for a few-shot prompt.
*/
abstract private class SinkCharacteristic extends EndpointCharacteristic {
bindingset[this]
SinkCharacteristic() { any() }
abstract EndpointType getSinkType();
final override predicate hasImplications(
EndpointType endpointClass, boolean isPositiveIndicator, float confidence
) {
endpointClass = this.getSinkType() and
isPositiveIndicator = true and
confidence = this.maximalConfidence()
}
}
/**
* Endpoints identified as "create-file" sinks by the MaD modeling are tainted path sinks with maximal confidence.
*/
private class CreateFileSinkCharacteristic extends SinkCharacteristic {
CreateFileSinkCharacteristic() { this = "create file" }
override predicate appliesToEndpoint(DataFlow::Node n) { sinkNode(n, "create-file") }
override EndpointType getSinkType() { result instanceof TaintedPathSinkType }
}
/**
* Endpoints identified as "read-file" sinks by the MaD modeling are tainted path sinks with maximal confidence.
*/
private class ReadFileSinkCharacteristic extends SinkCharacteristic {
ReadFileSinkCharacteristic() { this = "read file" }
override predicate appliesToEndpoint(DataFlow::Node n) { sinkNode(n, "read-file") }
override EndpointType getSinkType() { result instanceof TaintedPathSinkType }
}
/**
* Endpoints identified as `PathCreation` by the standard Java libraries are path injection sinks with medium
* confidence, because `PathCreation` is prone to FPs.
*/
private class CreatePathSinkCharacteristic extends EndpointCharacteristic {
CreatePathSinkCharacteristic() { this = "create path" }
override predicate appliesToEndpoint(DataFlow::Node n) {
n.asExpr() = any(PathCreation p).getAnInput()
}
override predicate hasImplications(
EndpointType endpointClass, boolean isPositiveIndicator, float confidence
) {
endpointClass instanceof TaintedPathSinkType and
isPositiveIndicator = true and
confidence = mediumConfidence()
}
}
/**
* Endpoints identified as "sql" sinks by the MaD modeling are SQL sinks with maximal confidence.
*/
private class SqlMaDSinkCharacteristic extends SinkCharacteristic {
SqlMaDSinkCharacteristic() { this = "mad modeled sql" }
override predicate appliesToEndpoint(DataFlow::Node n) { sinkNode(n, "sql") }
override EndpointType getSinkType() { result instanceof SqlSinkType }
}
/**
* Endpoints identified as "SqlInjectionSink" by the standard Java libraries are SQL injection sinks with maximal
* confidence.
*/
private class SqlInjectionSinkCharacteristic extends SinkCharacteristic {
SqlInjectionSinkCharacteristic() { this = "other modeled sql" }
override predicate appliesToEndpoint(DataFlow::Node n) {
n instanceof ATMConfigs::QueryInjectionSink and
not sinkNode(n, "sql")
}
override EndpointType getSinkType() { result instanceof SqlSinkType }
}
/**
* Endpoints identified as "open-url" sinks by the MaD modeling are SSRF sinks with maximal confidence.
*/
private class UrlOpenSinkCharacteristic extends SinkCharacteristic {
UrlOpenSinkCharacteristic() { this = "open url" }
override predicate appliesToEndpoint(DataFlow::Node n) { sinkNode(n, "open-url") }
override EndpointType getSinkType() { result instanceof RequestForgerySinkType }
}
/**
* Endpoints identified as "jdbc-url" sinks by the MaD modeling are SSRF sinks with maximal confidence.
*/
private class JdbcUrlSinkCharacteristic extends SinkCharacteristic {
JdbcUrlSinkCharacteristic() { this = "jdbc url" }
override predicate appliesToEndpoint(DataFlow::Node n) { sinkNode(n, "jdbc-url") }
override EndpointType getSinkType() { result instanceof RequestForgerySinkType }
}
/**
* Endpoints identified as "RequestForgerySink" by the standard Java libraries but not by MaD models are SSRF sinks with
* maximal confidence.
*/
private class RequestForgeryOtherSinkCharacteristic extends SinkCharacteristic {
RequestForgeryOtherSinkCharacteristic() { this = "request forgery" }
override predicate appliesToEndpoint(DataFlow::Node n) {
n instanceof ATMConfigs::RequestForgerySink and
not sinkNode(n, "open-url") and
not sinkNode(n, "jdbc-url")
}
override EndpointType getSinkType() { result instanceof RequestForgerySinkType }
}
/**
* Endpoints identified as "command-injection" sinks by the standard Java libraries are command injection sinks with
* maximal confidence.
*/
private class CommandInjectionSinkCharacteristic extends SinkCharacteristic {
CommandInjectionSinkCharacteristic() { this = "command injection" }
override predicate appliesToEndpoint(DataFlow::Node n) { n.asExpr() instanceof ArgumentToExec }
override EndpointType getSinkType() { result instanceof CommandInjectionSinkType }
}
/*
* Characteristics that are indicative of not being a sink of any type.
*/
/**
* A high-confidence characteristic that indicates that an endpoint is not a sink of any type. These endpoints can be
* used as negative samples for training or for a few-shot prompt.
*/
abstract private class NotASinkCharacteristic extends EndpointCharacteristic {
bindingset[this]
NotASinkCharacteristic() { any() }
override predicate hasImplications(
EndpointType endpointClass, boolean isPositiveIndicator, float confidence
) {
endpointClass instanceof NegativeSinkType and
isPositiveIndicator = true and
confidence = highConfidence()
}
}
/**
* A negative characteristic that indicates that an endpoint is a type access. Type accesses are not sinks.
*/
private class IsTypeAccessCharacteristic extends NotASinkCharacteristic {
IsTypeAccessCharacteristic() { this = "type access" }
override predicate appliesToEndpoint(DataFlow::Node n) { isTypeAccess(n) }
}
/**
* A negative characteristic that indicates that an endpoint is a sanitizer for some sink type. A sanitizer can never
* be a sink.
*/
private class IsSanitizerCharacteristic extends NotASinkCharacteristic {
IsSanitizerCharacteristic() { this = "sanitizer" }
override predicate appliesToEndpoint(DataFlow::Node n) { ATMConfigs::isBarrier(n) }
}
/**
* A negative characteristic that indicates that an endpoint is a MaD taint step. MaD modeled taint steps are global,
* so they are not sinks for any query. Non-MaD taint steps might be specific to a particular query, so we don't
* filter those out.
*/
private class IsMaDTaintStepCharacteristic extends NotASinkCharacteristic {
IsMaDTaintStepCharacteristic() { this = "taint step" }
override predicate appliesToEndpoint(DataFlow::Node n) {
FlowSummaryImpl::Private::Steps::summaryThroughStepValue(n, _, _) or
FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(n, _, _) or
FlowSummaryImpl::Private::Steps::summaryGetterStep(n, _, _, _) or
FlowSummaryImpl::Private::Steps::summarySetterStep(n, _, _, _)
}
}
/**
* A negative characteristic that indicates that an endpoint is an argument to a safe external API method.
*
* Based on java/ql/lib/semmle/code/java/security/ExternalAPIs.qll.
*
* TODO: Is this correct?
*/
private class SafeExternalApiMethodCharacteristic extends NotASinkCharacteristic {
string baseDescription;
SafeExternalApiMethodCharacteristic() {
baseDescription = "safe external API method" and
this = any(string s | s = baseDescription + [" (org.junit)", ""])
}
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(Expr::Call call |
n.asExpr() = call.getAnArgument() and
call.getCallee() instanceof ExternalAPIs::SafeExternalApiMethod and
(
// The vast majority of calls to safe external API methods involve junit. To get a diverse set of negative
// examples, we break those off into a separate characteristic.
call.getCallee().getDeclaringType().getPackage().getName().matches("org.junit%") and
this = baseDescription + " (org.junit)"
or
not call.getCallee().getDeclaringType().getPackage().getName().matches("org.junit%") and
this = baseDescription
)
)
}
}
/**
* A negative characteristic that indicates that an endpoint is an argument to an exception, which is not a sink.
*/
private class ExceptionCharacteristic extends NotASinkCharacteristic {
ExceptionCharacteristic() { this = "exception" }
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(Expr::Call call, RefType type |
n.asExpr() = call.getAnArgument() and
type = call.getCallee().getDeclaringType().getASupertype*() and
type instanceof TypeThrowable
)
}
}
/**
* A negative characteristic that indicates that an endpoint was manually modeled as a neutral model.
*
* TODO: It may be necessary to turn this into a LikelyNotASinkCharacteristic, pending answers to the definition of a
* neutral model (https://github.com/github/codeql-java-team/issues/254#issuecomment-1435309148).
*/
private class NeutralModelCharacteristic extends NotASinkCharacteristic {
NeutralModelCharacteristic() { this = "known non-sink" }
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(Callable callee, string package, string type, string name, string signature |
callee = n.asExpr().(Argument).getCall().getCallee() and
package = callee.getDeclaringType().getPackage().getName() and
type = callee.getDeclaringType().getErasure().(RefType).nestedName() and
name = callee.getSourceDeclaration().getName() and
signature = paramsString(callee) and
neutralModel(package, type, name, signature, "manual")
)
}
}
/**
* A negative characteristic that indicates that an is-style boolean method is unexploitable even if it is a sink.
*
* A sink is highly unlikely to be exploitable if its callee's name starts with `is` and the callee has a boolean return
* type (e.g. `isDirectory`). These kinds of calls normally do only checks, and appear before the proper call that does
* the dangerous/interesting thing, so we want the latter to be modeled as the sink.
*/
private class UnexploitableIsCharacteristic extends NotASinkCharacteristic {
UnexploitableIsCharacteristic() { this = "unexploitable (is-style boolean method)" }
override predicate appliesToEndpoint(DataFlow::Node n) {
not sinkNode(n, _) and
exists(Callable callee |
callee = n.asExpr().(Argument).getCall().getCallee() and
callee.getName().matches("is%") and
callee.getReturnType() instanceof BooleanType
)
}
}
/**
* A negative characteristic that indicates that an existence-checking boolean method is unexploitable even if it is a
* sink.
*
* A sink is highly unlikely to be exploitable if its callee's name is `exists` or `notExists` and the callee has a
* boolean return type. These kinds of calls normally do only checks, and appear before the proper call that does the
* dangerous/interesting thing, so we want the latter to be modeled as the sink.
*/
private class UnexploitableExistsCharacteristic extends NotASinkCharacteristic {
UnexploitableExistsCharacteristic() { this = "unexploitable (existence-checking boolean method)" }
override predicate appliesToEndpoint(DataFlow::Node n) {
not sinkNode(n, _) and
exists(Callable callee |
callee = n.asExpr().(Argument).getCall().getCallee() and
(
callee.getName().toLowerCase() = "exists" or
callee.getName().toLowerCase() = "notexists"
) and
callee.getReturnType() instanceof BooleanType
)
}
}
/**
* A medium-confidence characteristic that indicates that an endpoint is unlikely to be a sink of any type. These
* endpoints can be excluded from scoring at inference time, both to save time and to avoid false positives. They should
* not, however, be used as negative samples for training or for a few-shot prompt, because they may include a small
* number of sinks.
*/
abstract private class LikelyNotASinkCharacteristic extends EndpointCharacteristic {
bindingset[this]
LikelyNotASinkCharacteristic() { any() }
override predicate hasImplications(
EndpointType endpointClass, boolean isPositiveIndicator, float confidence
) {
endpointClass instanceof NegativeSinkType and
isPositiveIndicator = true and
confidence = mediumConfidence()
}
}
/**
* A negative characteristic that indicates that an endpoint is not part of the source code for the project being
* analyzed.
*
* WARNING: These endpoints should not be used as negative samples for training, because they are not necessarily
* non-sinks. They are merely not interesting sinks to run through the ML model.
*/
private class IsExternalCharacteristic extends LikelyNotASinkCharacteristic {
IsExternalCharacteristic() { this = "external" }
override predicate appliesToEndpoint(DataFlow::Node n) {
not exists(n.getLocation().getFile().getRelativePath())
}
}
/**
* A negative characteristic that indicates that an endpoint is a non-final step in a taint propagation. This
* prevents us from detecting expresssions near sinks that are not the sink itself.
*
* WARNING: These endpoints should not be used as negative samples for training, because a there are rare situations
* where a node is both a sink and the `from` node of a flow step: when the called API uses the given value dangerously
* and then returns the given value. Example: `stillTainted = dangerous(tainted)`, assuming that the implementation of
* `dangerous(x)` eventually returns `x`.
*/
private class IsFlowStepCharacteristic extends LikelyNotASinkCharacteristic {
IsFlowStepCharacteristic() { this = "flow step" }
override predicate appliesToEndpoint(DataFlow::Node n) { isKnownStepSrc(n) }
/**
* Holds if the node `n` is known as the predecessor in a modeled flow step.
*/
private predicate isKnownStepSrc(DataFlow::Node n) {
ATMConfigs::isAdditionalFlowStep(n, _) or
TaintTracking::localTaintStep(n, _)
}
}
/**
* A negative characteristic that indicates that an endpoint is not a `to` node for any known taint step. Such a node
* cannot be tainted, because taint can't flow into it.
*
* WARNING: These endpoints should not be used as negative samples for training, because they may include sinks for
* which our taint tracking modeling is incomplete.
*/
private class CannotBeTaintedCharacteristic extends LikelyNotASinkCharacteristic {
CannotBeTaintedCharacteristic() { this = "cannot be tainted" }
override predicate appliesToEndpoint(DataFlow::Node n) { not isKnownOutNodeForStep(n) }
/**
* Holds if the node `n` is known as the predecessor in a modeled flow step.
*/
private predicate isKnownOutNodeForStep(DataFlow::Node n) {
ATMConfigs::isAdditionalFlowStep(_, n) or
TaintTracking::localTaintStep(_, n) or
FlowSummaryImpl::Private::Steps::summaryThroughStepValue(_, n, _) or
FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(_, n, _) or
FlowSummaryImpl::Private::Steps::summaryGetterStep(_, _, n, _) or
FlowSummaryImpl::Private::Steps::summarySetterStep(_, _, n, _)
}
}
/**
* A negative characteristic that indicates that an endpoint sits in a test file.
*
* WARNING: These endpoints should not be used as negative samples for training, because there can in fact be sinks in
* test files -- we just don't care to model them because they aren't exploitable.
*/
private class TestFileCharacteristic extends LikelyNotASinkCharacteristic {
TestFileCharacteristic() { this = "test file" }
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(File f | f = n.getLocation().getFile() and isInTestFile(f))
}
/**
* Holds if `file` is a test file. Copied from java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll.
*
* TODO: Why can't I import utils.modelgenerator.internal.CaptureModelsSpecific?
*/
private predicate isInTestFile(File file) {
file.getAbsolutePath().matches("%src/test/%") or
file.getAbsolutePath().matches("%/guava-tests/%") or
file.getAbsolutePath().matches("%/guava-testlib/%")
}
}
/**
* A negative characteristic that indicates that an endpoint is a non-sink argument to a method whose sinks have already
* been modeled.
*
* WARNING: These endpoints should not be used as negative samples for training, because some sinks may have been missed
* when the method was modeled. Specifically, as we start using ATM to merge in new declarations, we can be less sure
* that a method with one argument modeled as a MaD sink has also had its remaining arguments manually reviewed. The
* ML model might have predicted argument 0 of some method to be a sink but not argument 1, when in fact argument 1 is
* also a sink.
*/
private class OtherArgumentToModeledMethodCharacteristic extends LikelyNotASinkCharacteristic {
OtherArgumentToModeledMethodCharacteristic() {
this = "other argument to a method that has already been modeled"
}
override predicate appliesToEndpoint(DataFlow::Node n) {
not sinkNode(n, _) and
exists(DataFlow::Node sink, string kind |
sinkNode(sink, kind) and
n.asExpr() = sink.asExpr().(Argument).getCall().getAnArgument()
)
}
}
/*
* TODO: `UninterestingToModelCharacteristic` should _not_ be used to filter out sink candidates when running this
* query on a user's codebase for customized modeling.
*/
/**
* A characteristic that indicates not necessarily that an endpoint is not a sink, but rather that it is not a sink
* that's interesting to model in the standard Java libraries. These filters should be removed when extracting sink
* candidates within a user's codebase for customized modeling.
*
* These endpoints should not be used as negative samples for training or for a few-shot prompt, because they are not
* necessarily non-sinks.
*/
abstract private class UninterestingToModelCharacteristic extends EndpointCharacteristic {
bindingset[this]
UninterestingToModelCharacteristic() { any() }
override predicate hasImplications(
EndpointType endpointClass, boolean isPositiveIndicator, float confidence
) {
endpointClass instanceof NegativeSinkType and
isPositiveIndicator = true and
confidence = mediumConfidence()
}
}
/**
* A negative characteristic that filters out non-public methods. Non-public methods are not interesting to include in
* the standard Java modeling, because they cannot be called from outside the package.
*/
private class NonPublicMethodCharacteristic extends UninterestingToModelCharacteristic {
NonPublicMethodCharacteristic() { this = "non-public method" }
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(Expr::Call call |
n.asExpr() = call.getAnArgument() and
not call.getCallee().isPublic()
)
}
}
/**
* A negative characteristic that filters out calls for which the package the call originates from and the package where
* the callee is defined are the same up to at least three levels, and the callee package is at least four levels deep.
* Such calls are not interesting to run through the ML model, because they represent methods that are far less likely
* to be called from outside, and are primarily used internally within the framework.
*/
private class SimilarPackageCharacteristic extends UninterestingToModelCharacteristic {
SimilarPackageCharacteristic() { this = "callee package is similar to call package" }
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(string package, string calleePackage, int numLevels |
package = n.asExpr().getCompilationUnit().getPackage().getName() and
calleePackage =
n.asExpr().(Argument).getCall().getCallee().getDeclaringType().getPackage().getName() and
// Count the number of dots in the callee package name to determine how deep the package is.
count(calleePackage.indexOf(".")) >= 3 and
// Check that both package names are identical up to and including the third level.
numLevels = 2 and
count(package.indexOf(".")) >= numLevels and
// Add a trailing dot to the package names so that the full package name is matched if it has only numLevels + 1
// levels.
package.substring(0, (package + ".").indexOf(".", numLevels, 0)) =
calleePackage.substring(0, (calleePackage + ".").indexOf(".", numLevels, 0))
)
}
}
/**
* A negative characteristic that filters out calls to undocumented methods in undocumented classes inside the current
* DB. The assumption is that methods that are intended / likely to be called from outside the package are documented.
*
* Note that in practice we have seen some interesting sinks in methods that are external-facing but undocumented
* (and appear in empty Javadoc pages), so this filter can be expected to lead to the loss of some interesting sinks.
*/
private class UndocumentedMethodCharacteristic extends UninterestingToModelCharacteristic {
UndocumentedMethodCharacteristic() { this = "undocumented method" }
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(Callable callee |
callee = n.asExpr().(Argument).getCall().getCallee() and
not exists(callee.(Documentable).getJavadoc()) and
not exists(callee.getDeclaringType().(Documentable).getJavadoc()) and
callee.fromSource()
)
}
}
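Review bot: the QLDoc on `isKnownOutNodeForStep` inside `CannotBeTaintedCharacteristic` is a copy of the one on `isKnownStepSrc` and states the opposite of what the body checks: it says `n` is "the predecessor in a modeled flow step", but every disjunct binds `n` as the target node (`ATMConfigs::isAdditionalFlowStep(_, n)`, `TaintTracking::localTaintStep(_, n)`, `summaryThroughStepValue(_, n, _)`), so it should read "Holds if `n` is the successor (`to` node) of a modeled flow step." Two smaller points in the same hunk: the `IsFlowStepCharacteristic` doc has "expresssions" and "because a there are rare situations"; and `UnexploitableIsCharacteristic` and `UnexploitableExistsCharacteristic` repeat the same `not sinkNode(n, _) and exists(Callable callee | callee = n.asExpr().(Argument).getCall().getCallee() ...)` scaffold, which could be factored into one helper that takes the name condition.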
@@ -0,0 +1,60 @@
/**
* For internal use only.
*
* Defines the set of classes that endpoint scoring models can predict. Endpoint scoring models must
* only predict classes defined within this file. This file is the source of truth for the integer
* representation of each of these classes.
*/
/** A class that can be predicted by a classifier. */
abstract class EndpointType extends string {
/**
* Holds when the string matches the name of the sink / source type.
*/
bindingset[this]
EndpointType() { any() }
/**
* Gets the name of the sink/source kind for this endpoint type as used in models-as-data.
*
* See https://github.com/github/codeql/blob/44213f0144fdd54bb679ca48d68b28dcf820f7a8/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll#LL353C11-L357C31
*/
final string getKind() { result = this }
}
/** A class for sink types that can be predicted by a classifier. */
abstract class SinkType extends EndpointType {
bindingset[this]
SinkType() { any() }
}
/** A class for source types that can be predicted by a classifier. */
abstract class SourceType extends EndpointType {
bindingset[this]
SourceType() { any() }
}
/** The `Negative` class for non-sinks. */
class NegativeSinkType extends SinkType {
NegativeSinkType() { this = "non-sink" }
}
/** All sinks relevant to the SQL injection query */
class SqlSinkType extends SinkType {
SqlSinkType() { this = "sql" }
}
/** All sinks relevant to the tainted path injection query. */
class TaintedPathSinkType extends SinkType {
TaintedPathSinkType() { this = "tainted-path" }
}
/** All sinks relevant to the SSRF query. */
class RequestForgerySinkType extends SinkType {
RequestForgerySinkType() { this = "ssrf" }
}
/** All sinks relevant to the command injection query. */
class CommandInjectionSinkType extends SinkType {
CommandInjectionSinkType() { this = "command-injection" }
}
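Review bot: the file header claims this file "is the source of truth for the integer representation of each of these classes", but nothing in the hunk defines an integer encoding; `EndpointType` only exposes `getKind()`, which returns the string itself. Either add the encoding the comment promises or drop that sentence (the JavaScript `EndpointTypes` in this same compare has `getEncoding()`, so the wording looks carried over from there). Minor: the QLDoc on the `EndpointType()` constructor, "Holds when the string matches the name of the sink / source type", describes a predicate, while the constructor is `bindingset[this] ... { any() }` and accepts every string; rephrase or remove it.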
@@ -0,0 +1,10 @@
name: codeql/java-experimental-atm-lib
description: CodeQL libraries for the experimental ML-powered queries
version: 0.4.3
extractor: java
library: true
groups:
- java
- experimental
dependencies:
codeql/java-all: ${workspace}
@@ -0,0 +1,58 @@
/**
* Surfaces endpoints are non-sinks with high confidence, for use as negative examples in the prompt.
*
* @name Negative examples (experimental)
* @kind problem
* @id java/ml-powered/non-sink
* @tags experimental security
*/
private import java
import semmle.code.java.dataflow.TaintTracking
private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
private import experimental.adaptivethreatmodeling.EndpointTypes
bindingset[rate]
DataFlow::Node getSampleFromSampleRate(float rate) {
exists(int r |
result =
rank[r](DataFlow::Node n, string path, int a, int b, int c, int d |
n.asExpr().getLocation().hasLocationInfo(path, a, b, c, d)
|
n order by path, a, b, c, d
) and
r % (1 / rate).ceil() = 0
)
}
from
DataFlow::Node endpoint, EndpointCharacteristics::EndpointCharacteristic characteristic,
float confidence, string message
where
characteristic.appliesToEndpoint(endpoint) and
confidence >= characteristic.highConfidence() and
characteristic.hasImplications(any(NegativeSinkType negative), true, confidence) and
// Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly
// certain about in the prompt.
not EndpointCharacteristics::erroneousEndpoints(endpoint, _, _, _, _, false) and
// Exclude type access nodes because they will never be on a flow path so they're not useful negative examples.
not EndpointCharacteristics::isTypeAccess(endpoint) and
// It's valid for a node to satisfy the logic for both `isSink` and `isSanitizer`, but in that case it will be
// treated by the actual query as a sanitizer, since the final logic is something like
// `isSink(n) and not isSanitizer(n)`. We don't want to include such nodes as negative examples in the prompt, because
// they're ambiguous and might confuse the model, so we explicitly exclude all known sinks from the negative examples.
not exists(
EndpointCharacteristics::EndpointCharacteristic characteristic2, float confidence2,
SinkType positiveType
|
characteristic2.appliesToEndpoint(endpoint) and
confidence2 >= characteristic2.maximalConfidence() and
not positiveType instanceof NegativeSinkType and
characteristic2.hasImplications(positiveType, true, confidence2)
) and
endpoint = getSampleFromSampleRate(0.05) and
message =
characteristic + "\n" +
// Extract the needed metadata for this endpoint.
any(string metadata | EndpointCharacteristics::hasMetadata(endpoint, metadata))
select endpoint, message
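Review bot: `getSampleFromSampleRate` silently drops every endpoint that has no `asExpr()` (parameter and other non-expression nodes), because the `rank` is computed over `n.asExpr().getLocation().hasLocationInfo(path, a, b, c, d)`; if that is intended, say so in a comment, otherwise rank over `n.getLocation()`, which the characteristics in this same compare already use (`n.getLocation().getFile()`). The sample is also deterministic rather than random: it keeps every `(1 / rate).ceil()`-th node in `(path, a, b, c, d)` order, so for `0.05` it is every 20th node by location. That is good for reproducibility but worth stating in the QLDoc, since the header presents these as negative examples for a prompt. Grammar in the header: "Surfaces endpoints are non-sinks with high confidence" is missing "that".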
@@ -0,0 +1,50 @@
/**
* Surfaces endpoints are sinks with high confidence, for use as positive examples in the prompt.
*
* @name Positive examples (experimental)
* @kind problem
* @id java/ml-powered/known-sink
* @tags experimental security
*/
private import java
import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.security.ExternalAPIs as ExternalAPIs
private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
private import experimental.adaptivethreatmodeling.EndpointTypes
private import experimental.adaptivethreatmodeling.ATMConfigs as ATMConfigs
/*
* ****** WARNING: ******
* Before calling this query, make sure there's no codex-generated data extension file in `java/ql/lib/ext`. Otherwise,
* the ML-gnerarated, noisy sinks will end up poluting the positive examples used in the prompt!
*/
from DataFlow::Node sink, SinkType sinkType, string message
where
// Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly
// certain about in the prompt.
not EndpointCharacteristics::erroneousEndpoints(sink, _, _, _, _, false) and
// Extract positive examples of sinks belonging to the existing ATM query configurations.
(
EndpointCharacteristics::isKnownSink(sink, sinkType) and
// It's valid for a node to satisfy the logic for both `isSink` and `isSanitizer`, but in that case it will be
// treated by the actual query as a sanitizer, since the final logic is something like
// `isSink(n) and not isSanitizer(n)`. We don't want to include such nodes as positive examples in the prompt.
not ATMConfigs::isBarrier(sink) and
// Include only sinks that are arguments to an external API call, because these are the sinks we are most interested
// in.
sink instanceof ExternalAPIs::ExternalApiDataNode and
// If there are _any_ erroneous endpoints, return an error message for all rows. This will prevent us from
// accidentally running this query when there's a codex-generated data extension file in `java/ql/lib/ext`.
if not EndpointCharacteristics::erroneousEndpoints(_, _, _, _, _, true)
then
message =
sinkType + "\n" +
// Extract the needed metadata for this endpoint.
any(string metadata | EndpointCharacteristics::hasMetadata(sink, metadata))
else
message =
"Error: There are erroneous endpoints! Please check whether there's a codex-generated data extension file in `java/ql/lib/ext`."
)
select sink, message
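Review bot: the trailing boolean argument of `EndpointCharacteristics::erroneousEndpoints` is passed as `false` in the per-sink exclusion and as `true` in the `if not EndpointCharacteristics::erroneousEndpoints(_, _, _, _, _, true)` guard, with no comment here on what the flag selects; a one-line note at the first call would make the two uses understandable without opening `EndpointCharacteristics.qll`. The WARNING block has two typos: "ML-gnerarated" and "poluting". Grammar in the header: "Surfaces endpoints are sinks with high confidence" is missing "that".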
@@ -0,0 +1,82 @@
/**
* Surfaces the endpoints that pass the endpoint filters and are not already known to be sinks, and are therefore used
* as candidates for classification with an ML model.
*
* Note: This query does not actually classify the endpoints using the model.
*
* @name Sink candidates (experimental)
* @description Sink candidates
* @kind problem
* @id java/ml-powered/sink-candidates
* @tags experimental security
*/
private import java
import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.dataflow.ExternalFlow
private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
private import experimental.adaptivethreatmodeling.EndpointTypes
/**
* Holds if the candidate sink `candidateSink` should be considered as a possible sink of type `sinkType`, and
* classified by the ML model. A candidate sink is a node that cannot be excluded from `sinkType` based on its
* characteristics.
*/
predicate isSinkCandidate(DataFlow::Node candidateSink, SinkType sinkType) {
sinkType != any(NegativeSinkType negative) and
not exists(EndpointCharacteristics::EndpointCharacteristic characteristic |
characteristic = getAReasonSinkExcluded(candidateSink, sinkType)
)
}
/**
* Gets the list of characteristics that cause `candidateSink` to be excluded as an effective sink for a given sink
* type.
*/
EndpointCharacteristics::EndpointCharacteristic getAReasonSinkExcluded(
DataFlow::Node candidateSink, SinkType sinkType
) {
// An endpoint is a sink candidate if none of its characteristics give much indication whether or not it is a sink.
sinkType != any(NegativeSinkType negative) and
result.appliesToEndpoint(candidateSink) and
// Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type.
exists(float confidence |
confidence >= result.mediumConfidence() and
result.hasImplications(any(NegativeSinkType negative), true, confidence)
)
or
// Exclude endpoints that have a characteristic that implies they're not sinks for _this particular_ sink type.
exists(float confidence |
confidence >= result.mediumConfidence() and
result.hasImplications(sinkType, false, confidence)
)
}
/*
* TODO: `UninterestingToModelCharacteristic` should _not_ be used to filter out sink candidates when running this
* query on a user's codebase for customized modeling.
*/
from DataFlow::Node sinkCandidate, string message
where
// If a node is already a known sink for any of our existing ATM queries and is already modeled as a MaD sink, we
// don't include it as a candidate. Otherwise, we might include it as a candidate for query A, but the model will
// label it as a sink for one of the sink types of query B, for which it's already a known sink. This would result in
// overlap between our detected sinks and the pre-existing modeling. We assume that, if a sink has already been
// modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
not exists(string kind |
sinkNode(sinkCandidate, kind)
// and EndpointCharacteristics::isKnownSink(sinkCandidate, sinkType) and kind = sinkType.getKind() // TODO: Uncomment this line once our sink types indeed correspond to MaD `kind`s.
) and
// The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
// a non-sink, and we surface only endpoints that have at least one such sink type.
message =
strictconcat(SinkType sinkType |
not EndpointCharacteristics::isKnownSink(sinkCandidate, sinkType) and
isSinkCandidate(sinkCandidate, sinkType)
|
sinkType + ", "
) + "\n" +
// Extract the needed metadata for this endpoint.
any(string metadata | EndpointCharacteristics::hasMetadata(sinkCandidate, metadata))
select sinkCandidate, message
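Review bot: operator precedence bug in `getAReasonSinkExcluded`: `and` binds tighter than `or`, so the second disjunct, `exists(float confidence | confidence >= result.mediumConfidence() and result.hasImplications(sinkType, false, confidence))`, is not guarded by `result.appliesToEndpoint(candidateSink)` or by `sinkType != any(NegativeSinkType negative)`. As written, any characteristic that carries a negative implication for `sinkType` is returned for every candidate of that type, whether or not it applies to the node, and `isSinkCandidate` then rejects all of them. Wrap the two `exists` blocks in parentheses: `result.appliesToEndpoint(candidateSink) and ( exists(...) or exists(...) )`. Also, the comment "An endpoint is a sink candidate if none of its characteristics give much indication whether or not it is a sink" describes `isSinkCandidate`, not this predicate, and the QLDoc says "Gets the list of characteristics" for a predicate that yields one characteristic per result. The commented-out line in the `from`/`where` block references `sinkType`, which is not bound in that scope, so the TODO will not compile as-is when uncommented.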
@@ -0,0 +1,4 @@
---
dependencies: {}
compiled: false
lockVersion: 1.0.0
@@ -0,0 +1,2 @@
- description: ATM boosted Code Scanning queries for Java
- queries: .
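Review bot: `- queries: .` selects every query in the pack, which includes `NegativeExamples`, `PositiveExamples` and `SinkCandidates` from this same compare; those carry `@kind problem` and `@tags experimental security`, so a code scanning run of this suite would surface prompt-generation output as alerts. Either exclude them from the suite (a `- exclude:` filter on their `@id` values `java/ml-powered/non-sink`, `java/ml-powered/known-sink`, `java/ml-powered/sink-candidates`) or move them out of the queries directory.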
@@ -0,0 +1,11 @@
name: codeql/java-experimental-atm-queries
description: Experimental ML-powered queries for Java
language: java
version: 0.4.3
suites: codeql-suites
defaultSuiteFile: codeql-suites/java-atm-code-scanning.qls
groups:
- java
- experimental
dependencies:
codeql/java-experimental-atm-lib: ${workspace}
@@ -9,6 +9,7 @@ private import BaseScoring
private import EndpointFeatures as EndpointFeatures
private import FeaturizationConfig
private import EndpointTypes
private import ModelPrompt as ModelPrompt
private string getACompatibleModelChecksum() {
availableMlModels(result, "javascript", _, "atm-endpoint-scoring")
@@ -33,12 +34,31 @@ module ModelScoring {
result = any(FeaturizationConfig cfg).getAnEndpointToFeaturize()
}
private int getARequestedEndpointType() { result = any(EndpointType type).getEncoding() }
predicate getEndpointPrompt(DataFlow::Node node, string prompt) {
node = getARequestedEndpoint() and
prompt = ModelPrompt::ModelPrompt::getPrompt(node)
}
predicate endpointScores(DataFlow::Node endpoint, int encodedEndpointType, float score) =
scoreEndpoints(getARequestedEndpoint/0, EndpointFeatures::tokenFeatures/3,
EndpointFeatures::getASupportedFeatureName/0, getARequestedEndpointType/0,
getACompatibleModelChecksum/0)(endpoint, encodedEndpointType, score)
predicate endpointScores(DataFlow::Node endpoint, int encodedEndpointType, float score) {
exists(EndpointType endpointType |
endpointType.getEncoding() = encodedEndpointType and
internalEnpointScores(endpoint, endpointType.getDescription()) and
score = 1.0
)
}
pragma[inline]
predicate internalEnpointScores(DataFlow::Node endpoint, string prediction) =
remoteScoreEndpoints(getEndpointPrompt/2)(endpoint, prediction)
// For debugging queries, don't limit these to effective sinks:
predicate getEndpointPromptForAnyEndpoint(DataFlow::Node node, string prompt) {
prompt = ModelPrompt::ModelPrompt::getPrompt(node)
}
pragma[inline]
predicate internalEnpointScoresForAnyEndpoint(DataFlow::Node endpoint, string prediction) =
remoteScoreEndpoints(getEndpointPromptForAnyEndpoint/2)(endpoint, prediction)
}
/**
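Review bot: the new `endpointScores` reports `score = 1.0` for every remote prediction, so the `float score` column no longer carries information; either document that the prompt-based backend returns a label rather than a probability, or drop the parameter and adjust callers. The identifiers `internalEnpointScores` and `internalEnpointScoresForAnyEndpoint` are misspelled (Endpoint). The "For debugging queries" predicates `getEndpointPromptForAnyEndpoint` and `internalEnpointScoresForAnyEndpoint` are exported from the module; if they are only for debugging, say so in QLDoc or make them `private`.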
@@ -70,9 +90,7 @@ private float getScoreForSink(DataFlow::Node sink) {
}
class EndpointScoringResults extends ScoringResults {
EndpointScoringResults() {
this = "EndpointScoringResults" and exists(getACompatibleModelChecksum())
}
EndpointScoringResults() { this = "EndpointScoringResults" }
/**
* Get ATM's confidence that a path between `source` and `sink` represents a security
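Review bot: dropping `exists(getACompatibleModelChecksum())` from the `EndpointScoringResults` constructor means the class exists even when no compatible model is available. `getACompatibleModelChecksum()` is still defined at the top of this file, and within this diff its only caller was the old `endpointScores` definition that the previous hunk removes, so either delete the predicate or keep the guard and explain why it is no longer needed.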
@@ -125,15 +143,7 @@ class EndpointScoringResults extends ScoringResults {
// This restriction on `sink` has no semantic effect but improves performance.
getCfg().isEffectiveSink(sink) and
exists(float sinkScore |
ModelScoring::endpointScores(sink, getCfg().getASinkEndpointType().getEncoding(), sinkScore) and
// Include the endpoint if (a) the query endpoint type scores higher than all other
// endpoint types, or (b) the query endpoint type scores at least
// 0.5 - (getCfg().getScoreCutoff() / 2).
sinkScore >=
[
max(float s | ModelScoring::endpointScores(sink, _, s)),
0.5 - getCfg().getScoreCutoff() / 2
]
ModelScoring::endpointScores(sink, getCfg().getASinkEndpointType().getEncoding(), sinkScore)
)
)
}
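Review bot: removing the `sinkScore >= [ max(float s | ModelScoring::endpointScores(sink, _, s)), 0.5 - getCfg().getScoreCutoff() / 2 ]` comparison leaves `sinkScore` bound but never used inside the `exists`; with `endpointScores` now yielding `score = 1.0` unconditionally, the block reduces to an existence check on `ModelScoring::endpointScores(sink, getCfg().getASinkEndpointType().getEncoding(), _)` and can be written that way. Check whether `getCfg().getScoreCutoff()` has any remaining caller after this change, since the comment that explained it has also gone.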
@@ -29,35 +29,35 @@ abstract class EndpointType extends TEndpointType {
/** The `Negative` class that can be predicted by endpoint scoring models. */
class NegativeType extends EndpointType, TNegativeType {
override string getDescription() { result = "Negative" }
override string getDescription() { result = "non-sink" }
override int getEncoding() { result = 0 }
}
/** The `XssSink` class that can be predicted by endpoint scoring models. */
class XssSinkType extends EndpointType, TXssSinkType {
override string getDescription() { result = "XssSink" }
override string getDescription() { result = "xss sink" }
override int getEncoding() { result = 1 }
}
/** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */
class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType {
override string getDescription() { result = "NosqlInjectionSink" }
override string getDescription() { result = "nosql injection sink" }
override int getEncoding() { result = 2 }
}
/** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */
class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType {
override string getDescription() { result = "SqlInjectionSink" }
override string getDescription() { result = "sql injection sink" }
override int getEncoding() { result = 3 }
}
/** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */
class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType {
override string getDescription() { result = "TaintedPathSink" }
override string getDescription() { result = "path injection sink" }
override int getEncoding() { result = 4 }
}
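Review bot: the new `getDescription()` strings (`non-sink`, `xss sink`, `nosql injection sink`, `sql injection sink`, `path injection sink`) are matched verbatim against the model's prediction and spliced into the prompt table as labels, so they are now part of the model contract rather than display text. A short comment on `getDescription()` saying that changing a string changes what the model must emit would prevent a silent regression where a renamed label simply scores nothing. The doc comments still refer to the old names (`Negative`, `XssSink`, `TaintedPathSink`), which is fine as class names but worth a glance.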


@@ -0,0 +1,123 @@
import javascript
import EndpointTypes as EndpointTypes
module ModelPrompt {
pragma[inline]
string getPrompt(DataFlow::Node endpoint) {
result = getTrainingSetPrompt() + getCurrentEndpointPrompt(endpoint)
}
/**
* Gets the beginning of the prompt, which contains the training examples, shuffled in random order.
* This part of the prompt was generated from examples that come from training repos rather than evaluation repos.
* These are diverse examples generated from a random selection of repos in the ATM training set.
* Each example is from a different repo. There are two examples of each sink type and eight non-sink examples, each
* from a different negative endpoint characteristic.
*/
private string getTrainingSetPrompt() {
result =
"# List examples of JavaScript security vulnerability sinks and non-sinks\n|Code snippet|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`[ handlebars ]`|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`|"
+ any(EndpointTypes::TaintedPathSinkType endpointType).getDescription() +
"|\n|`url`|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`_.bind(connection.createGame, this, socket)`|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`sql`|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`|"
+ any(EndpointTypes::SqlInjectionSinkType endpointType).getDescription() +
"|\n|` <style type= text/css id= shapely-style- + sufix + /> `|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`|"
+ any(EndpointTypes::XssSinkType endpointType).getDescription() +
"|\n|`content`|` textBoxEditor(content) { console.log(content); } ngOnInit() {`|" +
any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`imageURL`|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`|"
+ any(EndpointTypes::XssSinkType endpointType).getDescription() +
"|\n|`{ roomId }`|` } const game = await Game.findOne({ roomId }); if (!game) {`|" +
any(EndpointTypes::NosqlInjectionSinkType endpointType).getDescription() +
"|\n|` SELECT owner, name, program FROM Programs WHERE name = + data + `|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`|"
+ any(EndpointTypes::SqlInjectionSinkType endpointType).getDescription() +
"|\n|`listenToServer`|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`negativeYearString`|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`__dirname`|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`|"
+ any(EndpointTypes::TaintedPathSinkType endpointType).getDescription() +
"|\n|`certificateId`|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`|"
+ any(EndpointTypes::NosqlInjectionSinkType endpointType).getDescription() +
"|\n|`{encoding: utf8 }`|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`depth`|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() + "|\n"
}
/**
* Gets the last line of the prompt, containing the current endpoint.
* TODO
*/
private string getCurrentEndpointPrompt(DataFlow::Node endpoint) {
result = "|`" + tokenizeEndpoint(endpoint) + "`|`" + tokenizeNeighborhood(endpoint, 2) + "`|"
}
/**
* Gets the reconstructed source code text for a range of locations.
* TODO: This excludes comments
*/
string tokenize(Location location) {
result =
strictconcat(Token token |
location.containsLoosely(token.getLocation())
|
token.getValue() +
// Use space as the separator, since that is most likely.
// May not be an exact reconstruction, e.g. if the code
// had newlines between successive tokens.
" "
order by
token.getLocation().getStartLine(), token.getLocation().getStartColumn()
)
// Remove some characters that have special meaning in the markdown table prompt, or that are not allowed in
//the HOP:
.replaceAll("\"", " ")
.replaceAll("\\", " ")
.replaceAll("\n", " ")
.replaceAll("\r", " ")
.replaceAll("|", " ")
.replaceAll("`", " ")
// Remove spaces that break the code syntax or make for strange code styling:
.replaceAll(" . ", ".")
.replaceAll(" :", ":")
.replaceAll(" ,", ",")
.replaceAll(" (", "(")
.replaceAll(" )", ")")
.replaceAll("( ", "(")
}
/**
* Gets the reconstructed source code text for `node`.
*/
string tokenizeEndpoint(DataFlow::Node node) {
result = tokenize(node.getAstNode().getLocation())
}
/**
* Gets the reconstructed source code text for the neighborhood around `node`, including `neighborhoodSize` lines
* before and `neighborhoodSize` lines after `node`.
*/
bindingset[neighborhoodSize]
string tokenizeNeighborhood(DataFlow::Node node, int neighborhoodSize) {
result =
tokenize(max(Location loc |
// Select the largest neighborhood that contains `node` and at most `neighborhoodSize` lines before and after
// `node`.
loc.getFile() = node.getAstNode().getLocation().getFile() and
loc.containsLoosely(node.getAstNode().getLocation()) and
loc.getStartLine() >= node.getAstNode().getLocation().getStartLine() - neighborhoodSize and
loc.getEndLine() <= node.getAstNode().getLocation().getEndLine() + neighborhoodSize
|
loc
order by
loc.getNumLines(), loc.getEndColumn() - loc.getStartColumn(), loc.getEndColumn(),
loc.getStartColumn() desc
))
}
}
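Review bot: in `tokenize`, `.replaceAll("\"", " ")` and `.replaceAll("`", " ")` erase string delimiters, so the prompt cannot distinguish a string literal from an identifier (compare the `UPDATE customers SET address = Canyon 123` example in the training table, where the SQL text reads as bare code). If the HOP tolerates single quotes, substituting `'` instead of a space would preserve that signal; either way the comment should spell out what "HOP" stands for. Smaller points: the docstrings on `getCurrentEndpointPrompt` and `tokenize` still carry `TODO`; `tokenizeNeighborhood` ranges over every `Location` in the file that satisfies the line bounds before taking `max`, which is correct but can be costly on large files, so a comment on the cost (or a restriction to AST node locations) would help; and the doc comment on `getTrainingSetPrompt` says the examples are "shuffled in random order" while the string is a fixed constant, so "in a fixed, pre-shuffled order" is more accurate.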


@@ -0,0 +1,157 @@
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | autogenerated/Xss/DomBasedXss/jquery.js:2:17:2:40 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | autogenerated/Xss/DomBasedXss/tst.js:31:10:31:33 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | autogenerated/Xss/DomBasedXss/tst.js:46:21:46:44 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:17:20:40 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | autogenerated/TaintedPath/pupeteer.js:5:28:5:53 | parseTo ... t).name | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | autogenerated/TaintedPath/pupeteer.js:5:28:5:53 | parseTo ... t).name | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | autogenerated/Xss/DomBasedXss/nodemailer.js:13:50:13:66 | req.query.message | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | autogenerated/Xss/DomBasedXss/tst.js:197:19:197:42 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | autogenerated/Xss/DomBasedXss/tst.js:197:19:197:42 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:8:16:8:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:8:16:8:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:46:8:60 | $routeParams.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:46:10:58 | req.params.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:13:19:13:26 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:13:19:13:26 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:73:42:73:55 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 |

View File

@@ -0,0 +1,22 @@
/*
* ATMQuery.ql
*
* This test surfaces the endpoints that pass the endpoint filters and have flow from a source for each query config,
* and which codex predicts to in fact be sinks for the relevant sink type. It can be used to determine the alerts codex
* will surface for each query.
*/
private import javascript as JS
import extraction.NoFeaturizationRestrictionsConfig
private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
private import experimental.adaptivethreatmodeling.XssATM as XssAtm
private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomATM
import experimental.adaptivethreatmodeling.AdaptiveThreatModeling::ATM::ResultsInfo as AtmResultsInfo
from
AtmConfig::AtmConfig cfg, JS::DataFlow::PathNode source, JS::DataFlow::PathNode sink, float score
where cfg.hasBoostedFlowPath(source, sink, score)
select cfg, cfg.getASinkEndpointType().getEncoding(), sink.getNode(), source.getNode(), score
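Review bot: in the `select`, `cfg.getASinkEndpointType().getEncoding()` is a predicate call, not a single value, so a config that declares more than one sink endpoint type will emit one row per type for the same (source, sink, score) path; if one row per path is the intent, either state that every config is expected to have exactly one sink endpoint type in the header comment or restrict the call. Separately, the aliases `NosqlInjectionAtm`, `SqlInjectionAtm`, `TaintedPathAtm`, `XssAtm`, `XssThroughDomATM` and `AtmResultsInfo` are never referenced in the `from`/`where`/`select` body; if the config imports are there only so their `AtmConfig` subclasses are in scope for `AtmConfig::AtmConfig cfg`, a one-line comment above them would stop a later cleanup from removing them, and `AtmResultsInfo` can be dropped if nothing uses it. Minor: `XssThroughDomATM` breaks the `...Atm` casing of the other four aliases, and the header comment would be more useful if it named the column order of the `select` (config, sink-type encoding, sink, source, score), since that is what the `.expected` file is compared against.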

View File

@@ -0,0 +1,458 @@
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`event . data `\|`this . 
addEventListener ( 'message' , function ( event ) { document . write ( event . data ) ; } ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data `\|`this . 
addEventListener ( 'message' , function ( { data } ) { document . write ( data ) ; } ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`event . 
data `\|`function foo ( x , event , y ) { document . write ( x . data ) ; document . write ( event . data ) ; document . write ( y . data ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`\u0275getDOM ( ) . getLocation ( ) . href `\|`this . 
sanitizer . bypassSecurityTrustHtml ( \u0275getDOM ( ) . getLocation ( ) . href ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . params . foo `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . params . foo ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . queryParams . foo `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . queryParams . foo ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . fragment `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . fragment ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . paramMap . 
get ( 'foo' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . paramMap . get ( 'foo' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . queryParamMap . 
get ( 'foo' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . queryParamMap . get ( 'foo' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`map . get ( 'foo' ) `\|`this . route . paramMap . 
subscribe ( map => { this . sanitizer . bypassSecurityTrustHtml ( map . get ( 'foo' ) ) ; } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . path `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . path ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameters . 
x `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameters . x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameterMap . 
get ( 'x' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameterMap . get ( 'x' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameterMap . 
params . x `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameterMap . params . x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . router . url `\|`this . sanitizer . 
bypassSecurityTrustHtml ( this . router . url ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . router . url `\|`this . sanitizer2 . 
bypassSecurityTrustHtml ( this . router . url ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`routeSnapshot . paramMap . get ( 'foo' ) `\|`someMethod ( routeSnapshot : ActivatedRouteSnapshot ) { this . sanitizer . bypassSecurityTrustHtml ( routeSnapshot . paramMap . get ( 'foo' ) ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ classNames ( window . name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ classNames ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ classNamesD ( window . name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ classNamesD ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ classNamesB ( window . name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ classNamesB ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ unsafeStyle ( 'foo' ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ unsafeStyle ( 'foo' ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ safeStyle ( window . name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ safeStyle ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ clsx ( window . name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ clsx ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`getTaint ( ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`d => getTaint ( ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`d => getTaint ( ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`selection . attr ( 'foo' , 'bar' ) . 
html ( getTaint ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateFns . 
format ( time , taint ) } `\|`document . body . innerHTML = Time is ${ dateFns . format ( time , taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateFnsEsm . 
format ( time , taint ) } `\|`document . body . innerHTML = Time is ${ dateFnsEsm . format ( time , taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateFnsFp . 
format ( taint ) ( time ) } `\|`document . body . innerHTML = Time is ${ dateFnsFp . format ( taint ) ( time ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ moment ( time ) . 
format ( taint ) } `\|`document . body . innerHTML = Time is ${ moment ( time ) . format ( taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateformat ( time , taint ) } `\|`document . body . innerHTML = Time is ${ dateformat ( time , taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<h2><a href= ' + location . 
href + ' >A link</a></h2>' `\|`document . getElementById ( 'my-id' ) . onclick = function ( ) { this . parentNode . innerHTML = '<h2><a href= ' + location . href + ' >A link</a></h2>' ; } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( wobble ) `\|`new JSDOM ( req . 
param ( wobble ) , { runScripts : dangerously } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`$ ( tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= + tainted + > `\|`$ ( <div id= + tainted + > ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` XSS: + tainted `\|`$ ( body ) . 
html ( XSS: + tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location . hash `\|`$ ( window . location . 
hash ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ... "</b>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <b> + location . 
toString ( ) + </b> `\|`$ ( <b> + location . toString ( ) + </b> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . 
hash ) `\|`elm . innerHTML = decodeURIComponent ( window . location . hash ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . 
search ) `\|`elm . innerHTML = decodeURIComponent ( window . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . 
toString ( ) ) `\|`elm . innerHTML = decodeURIComponent ( window . location . toString ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decoded . foo `\|`jwt . 
verify ( taint , 'my-secret-key' , function ( err , decoded ) { new JSDOM ( decoded . foo , { runScripts : dangerously } ) ; } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Hi, you got a message from someone. ${ req . query . 
message } . `\|`html : Hi, you got a message from someone. ${ req . query . message } . `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`$ ( 'myId' ) . html ( tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`x `\|`$ ( 'myId' ) . html ( x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted2 `\|`$ ( 'myId' ) . html ( tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted2 `\|`$ ( 'myId' ) . html ( tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted3 `\|`$ ( 'myId' ) . html ( tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted3 `\|`$ ( 'myId' ) . html ( tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`sanitize ? sanitizeBad ( target ) : target `\|`$ ( 'myId' ) . html ( sanitize ? sanitizeBad ( target ) : target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`app . get ( '/some/path' , function ( req , res ) { let tainted = req . param ( code ) ; < WebView html = { tainted } / > ; < WebView source = { { html : tainted } } / > ; } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`< WebView source = { { html : tainted } } / > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`export function useDoc1 ( ) { let { root } = useMyContext ( ) ; root . appendChild ( window . name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`foo ( ) { let { root } = this . context ; root . appendChild ( window . name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`function initialState ( ) { let [ state , setState ] = useState ( window . name ) ; return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prev `\|`setState ( prev => { document . body . innerHTML = prev ; } ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . 
innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted . replace ( /< w+/g , '' ) `\|`elt . 
innerHTML = tainted . replace ( /< w+/g , '' ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`sessionStorage . 
getItem ( 'session' ) `\|`$ ( 'myId' ) . html ( sessionStorage . getItem ( 'session' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`localStorage . getItem ( 'local' ) `\|`$ ( 'myId' ) . 
html ( localStorage . getItem ( 'local' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <a href= + href + >foobar</a> `\|`$ ( 'myId' ) . 
html ( <a href= + href + >foobar</a> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location `\|`document . write ( document . 
location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href `\|`document . 
write ( document . location . href ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . valueOf ( ) `\|`document . 
write ( document . location . href . valueOf ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . sup ( ) `\|`document . 
write ( document . location . href . sup ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . 
toUpperCase ( ) `\|`document . write ( document . location . href . toUpperCase ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . 
trimLeft ( ) `\|`document . write ( document . location . href . trimLeft ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`String . fromCharCode ( document . location . 
href ) `\|`document . write ( String . fromCharCode ( document . location . href ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`String ( document . location . href ) `\|`document . 
write ( String ( document . location . href ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`searchParams . 
get ( 'term' ) `\|`$ ( 'original-term' ) . html ( searchParams . get ( 'term' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . src `\|`foo . setAttribute ( src , data . 
src ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttribute ( HREF , data . 
p ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttribute ( xlink:href , data . 
p ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . 
setAttributeNS ( 'xlink' , 'href' , data . p ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttributeNS ( 'foobar' , 'href' , data . p ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <OPTION value=1> + document . location . href . substring ( document . location . href . indexOf ( default= ) + 8 ) + </OPTION> `\|`document . write ( <OPTION value=1> + document . location . href . substring ( document . location . href . indexOf ( default= ) + 8 ) + </OPTION> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ... 'px">' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<div style= width:' + target + 'px >' `\|`$ ( '<div style= width:' + target + 'px >' ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`params . get ( 'name' ) `\|`$ ( 'name' ) . html ( params . get ( 'name' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`searchParams . get ( 'name' ) `\|`$ ( 'name' ) . html ( searchParams . get ( 'name' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`function foo ( target ) { $ ( 'myId' ) . html ( target ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`bar ( ) `\|`$ ( 'myId' ) . html ( bar ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`baz ( document . location . search ) `\|`$ ( 'myId' ) . html ( baz ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`wrap ( document . location . search ) `\|`$ ( 'myId' ) . html ( wrap ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`chop ( document . location . search ) `\|`$ ( 'myId' ) . html ( chop ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`chop ( document . location . search ) `\|`$ ( 'myId' ) . html ( chop ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`wrap ( chop ( bar ( ) ) ) `\|`$ ( 'myId' ) . html ( wrap ( chop ( bar ( ) ) ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`s `\|`function dangerouslySetInnerHtml ( s ) { $ ( 'myId' ) . html ( s ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`bar ( ) `\|`$ ( 'myId' ) . html ( bar ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`x `\|`if ( x ) $ ( 'myId' ) . html ( x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`let s = < span dangerouslySetInnerHTML = { { __html : document . location . search } } / > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAsHtml ( document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAsCss ( document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAs ( $sce . HTML , document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . 
trustAs ( $sce . CSS , document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`function ( ) { angular . element ( '<div>' ) . html ( document . location . search ) ; angular . element ( '<div>' ) . html ( 'SAFE' ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`link : function ( scope , element ) { element . html ( document . location . search ) ; element . html ( 'SAFE' ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`function ( ) { angular . element ( document . location . search ) ; angular . element ( 'SAFE' ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`document . write ( v ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`document . write ( v ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`function ( ) { return function ( v ) { $ ( <div> ) . html ( v ) ; } } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`xssSourceService ( ) `\|`[ xssSourceService , function ( xssSourceService ) { $ ( <div> ) . html ( xssSourceService ( ) ) ; } ] `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`parser . 
parseFromString ( target , application/xml ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . body . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . createElement ( ) . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`createElement ( ) . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . 
getElementsByClassName ( ) [ 0 ] . innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`getElementsByClassName ( ) [ 0 ] . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`getElementsByClassName ( ) . item ( ) . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`React . 
createElement ( div , { dangerouslySetInnerHTML : { __html : tainted } } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`React . 
createFactory ( div ) ( { dangerouslySetInnerHTML : { __html : tainted } } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted1 `\|`$ ( 'myId' ) . 
html ( this . state . tainted1 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted2 `\|`$ ( 'myId' ) . html ( this . state . tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted3 `\|`$ ( 'myId' ) . html ( this . state . tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prevState . tainted4 `\|`this . setState ( prevState => { $ ( 'myId' ) . html ( prevState . tainted4 ) } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted1 `\|`$ ( 'myId' ) . html ( this . props . tainted1 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted2 `\|`$ ( 'myId' ) . html ( this . props . tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted3 `\|`$ ( 'myId' ) . html ( this . props . tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prevProps . tainted4 `\|`this . setState ( ( prevState , prevProps ) => { $ ( 'myId' ) . html ( prevProps . tainted4 ) } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . stateTainted `\|`render ( ) { return < span dangerouslySetInnerHTML = { { __html : this . state . stateTainted } } / > ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`function windowName ( ) { $ ( window . name ) ; $ ( name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`name `\|`function windowName ( ) { $ ( window . name ) ; $ ( name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`for ( name of [ 'a' , 'b' ] ) { $ ( window . name ) ; $ ( name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`$ ( location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location `\|`$ ( window . location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location `\|`$ ( document . location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc1 `\|`$ ( loc1 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc2 `\|`$ ( loc2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc3 `\|`$ ( loc3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`$ ( body ) . append ( location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`var documentFragment = range . createContextualFragment ( tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`e `\|`catch ( e ) { $ ( body ) . append ( e ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`e `\|`catch ( e ) { $ ( body ) . append ( e ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`function handlebarsSafeString ( ) { return new Handlebars . SafeString ( location ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`params . get ( 'name' ) `\|`$ ( 'name' ) . html ( params . get ( 'name' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getUrl ( ) . hash . substring ( 1 ) `\|`$ ( getUrl ( ) . hash . substring ( 1 ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`function growl ( ) { var target = document . location . search $ . jGrowl ( target ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`this . html ( target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`this . innerHTML = target ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`e . innerHTML = target ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint `\|`$ ( 'myId' ) . html ( target . taint ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint3 `\|`$ ( 'myId' ) . html ( target . taint3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint5 `\|`$ ( 'myId' ) . html ( target . taint5 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint7 `\|`$ ( 'myId' ) . html ( target . taint7 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint8 `\|`$ ( 'myId' ) . html ( target . taint8 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`payload `\|`document . write ( payload ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`match [ 1 ] `\|`if ( match ) { document . write ( match [ 1 ] ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location . hash . split ( '#' ) [ 1 ] `\|`document . write ( window . location . hash . split ( '#' ) [ 1 ] ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . replace ( /<metadata>[ s S]*< /metadata>/ , '<metadata></metadata>' ) `\|`$ ( #foo ) . html ( target . replace ( /<metadata>[ s S]*< /metadata>/ , '<metadata></metadata>' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`val `\|`templates : { suggestion : function ( val ) { return val ; } } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div> + tainted + </div> `\|`$ ( <div> + tainted + </div> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div> ${ tainted } </div> `\|`$ ( <div> ${ tainted } </div> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div> . concat ( tainted ) . concat ( </div> ) `\|`$ ( <div> . concat ( tainted ) . concat ( </div> ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ <div> , tainted , </div> ] . join ( ) `\|`$ ( [ <div> , tainted , </div> ] . join ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ... "\\"/>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= + tainted + /> `\|`$ ( <div id= + tainted + /> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= ${ tainted } /> `\|`$ ( <div id= ${ tainted } /> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= . concat ( tainted ) . concat ( /> ) `\|`$ ( <div id= . concat ( tainted ) . concat ( /> ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ <div id= , tainted , /> ] . join ( ) `\|`$ ( [ <div id= , tainted , /> ] . join ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`indirection1 ( document . location . search . attrs ) `\|`$ ( indirection1 ( document . location . search . attrs ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`indirection2 ( document . location . search . 
attrs ) `\|`$ ( indirection2 ( document . location . search . attrs ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`function test ( elt ) { var tainted = document . location . search . substring ( 1 ) ; WinJS . Utilities . setInnerHTMLUnsafe ( elt , tainted ) ; WinJS . Utilities . setOuterHTMLUnsafe ( elt , tainted ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`WinJS . Utilities . 
setOuterHTMLUnsafe ( elt , tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`foo `\|`$ ( 'myId' ) . html ( foo ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( checkSchema ( query ) ) { doc . 
find ( query ) ; } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( ajv . 
validate ( schema , query ) ) { doc . find ( query ) ; } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( validate ( query ) ) { doc . 
find ( query ) ; } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . myDoc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ tags : tag } `\|`{ tags : tag } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ tags : tag } `\|`{ tags : tag } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ query ] `\|`Document . aggregate ( [ query ] ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . count ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . deleteMany ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . deleteOne ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . distinct ( 'type' , query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndDelete ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndRemove ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndUpdate ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . replaceOne ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . update ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . updateMany ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . updateOne ( query ) . 
then ( X ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
findByIdAndUpdate ( X , query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new Mongoose . Query ( X , Y , query ) . 
and ( query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new Mongoose . Query ( X , Y , query ) . 
and ( query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . 
where ( query ) . and ( query ) `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . 
where ( query ) . and ( query ) . or ( query ) `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . 
where ( query ) . and ( query ) . or ( query ) . distinct ( X , query ) `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Mongoose . createConnection ( X ) . 
model ( Y ) . count ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Mongoose . createConnection ( X ) . 
models [ Y ] . count ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
findOne ( X , ( err , res ) => res . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X ) . 
exec ( ( err , res ) => res . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X ) . 
then ( ( res ) => res . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
find ( X , ( err , res ) => res [ i ] . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X ) . 
exec ( ( err , res ) => res [ i ] . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X ) . 
then ( ( res ) => res [ i ] . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new C ( X , Y , query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
findOneAndUpdate ( X , query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . deleteMany ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . deleteOne ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . geoSearch ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . remove ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ id : v } `\|`MyModel . find ( { id : v } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ id : req . body . id } `\|`MyModel . 
find ( { id : req . body . id } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . body . key `\|`client . set ( req . body . 
key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . set ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . 
hmset ( key , field , value , key , value2 ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`key `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . 
duplicate ( ( err , newClient ) => { newClient . set ( key , value ) ; } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . duplicate ( ) . 
set ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . set ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`const foo1 = setAsync ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`const foo2 = client . 
setAsync ( key , value ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`taint `\|`onRequest ( req , res ) { let taint = req . 
params . x ; this . db . one ( taint ) ; res . end ( ) ; } `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . any ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . many ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . manyOrNone ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . map ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . multi ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . multiResult ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . none ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . one ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . oneOrNone ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . query ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . result ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . one ( { text : query } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`db . 
one ( { text : 'SELECT * FROM news where id = $1:raw' , values : req . params . id , } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`db . 
one ( { text : 'SELECT * FROM news where id = $1^' , values : req . params . id , } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ req . params . id , req . params . name , req . params . foo , ] `\|`db . one ( { text : 'SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3' , values : [ req . params . id , req . params . name , req . params . foo , ] } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`req . params . id `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . name `\|`values : [ req . params . id , req . params . name , req . params . foo , ] `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | sql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`values : { id : req . params . id , name : req . params . name , } `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`id : req . params . id `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . title `\|`title : req . params . title `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . task ( t => { return t . one ( query ) ; } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . task ( { cnd : t => t . one ( query ) } , t => t . one ( query ) ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` INSERT INTO users(name) VALUES ${ handle } `\|`io . on ( 'connection' , ( socket ) => { socket . on ( 'newuser' , ( handle ) => { db . run ( INSERT INTO users(name) VALUES ${ handle } ) ; } ) ; } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` select * from mytable where id = ' + req . params . id + ' `\|`new sql . Request ( ) . query ( select * from mytable where id = ' + req . params . id + ' ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query1 `\|`pool . query ( query1 , [ ] , function ( err , results ) { } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'SELECT * FROM Post WHERE id = ' + $routeParams . 
id + ' ' `\|`angular . module ( 'myApp' , [ 'ngRoute' ] ) . controller ( 'FindPost' , function ( $routeParams ) { db . get ( 'SELECT * FROM Post WHERE id = ' + $routeParams . id + ' ' ) ; } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'SELECT * FROM Post WHERE id = ' + req . params . 
id + ' ' `\|`app . get ( '/post/:id' , function ( req , res ) { db . get ( 'SELECT * FROM Post WHERE id = ' + req . params . id + ' ' ) ; } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`join ( public , path ) `\|`res . 
write ( readFileSync ( join ( public , path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` /home/user/ + path `\|`res . write ( fs . 
readFileSync ( /home/user/ + path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path . indexOf ( secret ) == - 1 ) res . 
write ( fs . readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( fs . existsSync ( path ) ) res . 
write ( fs . readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path === 'foo.txt' path === 'bar.txt' someOpaqueCondition ( ) ) res . write ( fs . readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . basename ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . basename ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . dirname ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . dirname ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . extname ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . extname ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . join ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( x , y , path , z ) `\|`res . 
write ( fs . readFileSync ( pathModule . join ( x , y , path , z ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . normalize ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . normalize ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . relative ( x , path ) `\|`res . 
write ( fs . readFileSync ( pathModule . relative ( x , path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . relative ( path , x ) `\|`res . 
write ( fs . readFileSync ( pathModule . relative ( path , x ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . resolve ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . resolve ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . resolve ( x , y , path , z ) `\|`res . 
write ( fs . readFileSync ( pathModule . resolve ( x , y , path , z ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . toNamespacedPath ( path ) `\|`res . 
write ( fs . readFileSync ( pathModule . toNamespacedPath ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | path injection sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`Cookie . 
get ( unsafe ) `\|`function ( ) { return { templateUrl : Cookie . get ( unsafe ) } } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require ( querystringify ) . parse ( req . url ) . 
query `\|`res . write ( fs . readFileSync ( require ( querystringify ) . parse ( req . url ) . query ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require ( query-string ) . parse ( req . url ) . 
query `\|`res . write ( fs . readFileSync ( require ( query-string ) . parse ( req . url ) . query ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require ( querystring ) . parse ( req . url ) . 
query `\|`res . write ( fs . readFileSync ( require ( querystring ) . parse ( req . url ) . query ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . 
params [ 0 ] `\|`var views_local = ( req , res ) => res . render ( req . params [ 0 ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`fs . realpathSync ( path ) `\|`res . write ( fs . 
readFileSync ( fs . realpathSync ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`realpath `\|`fs . 
realpath ( path , function ( err , realpath ) { res . write ( fs . readFileSync ( realpath ) ) ; } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( 'send' ) ( req , path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split . join ( / ) `\|`fs . readFileSync ( split . 
join ( / ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prefix + split [ split . length - 1 ] `\|`fs . 
readFileSync ( prefix + split [ split . length - 1 ] ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split [ x ] `\|`fs . readFileSync ( split [ x ] ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prefix + split [ x ] `\|`fs . 
readFileSync ( prefix + split [ x ] ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`concatted . join ( / ) `\|`fs . 
readFileSync ( concatted . join ( / ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`concatted2 . join ( / ) `\|`fs . 
readFileSync ( concatted2 . join ( / ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split . pop ( ) `\|`fs . readFileSync ( split . 
pop ( ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[ ] [*,;' <> ? /]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[ ] [*,;' <> ? /]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[abcd]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[abcd]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[./]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[./]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[foobar/foobar]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[foobar/foobar]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / //g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / //g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . //g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / . //g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[.]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[.]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[..]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[..]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / ./g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / ./g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . . BLA/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / . . BLA/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[.]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[.]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[..]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[..]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / ./g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( / ./g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . . BLA/g , '' ) `\|`res . 
write ( fs . readFileSync ( path . replace ( / . . BLA/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /^( . .[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /^( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /( . .[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /( . . /)+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /( . . /)+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /( . . /)*/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /( . . /)*/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + path . replace ( /^( . 
.[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + path . replace ( /^( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . normalize ( path ) . replace ( /^( . 
.[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( pathModule . normalize ( path ) . replace ( /^( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'./' + path `\|`fs . 
readFileSync ( './' + path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + '/index.html' `\|`fs . 
readFileSync ( path + '/index.html' ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . 
readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'./' + path `\|`fs . 
readFileSync ( './' + path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + '/index.html' `\|`fs . 
readFileSync ( path + '/index.html' ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . 
readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( . ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( .. ) ) fs . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( ../ ) ) fs . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( .. + pathModule . 
sep ) ) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` ./ + path `\|`fs . readFileSync ( ./ + path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + /index.html `\|`fs . 
readFileSync ( path + /index.html ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( .. ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path [ 0 ] !== / && path [ 0 ] !== . 
) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . 
readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '.' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '.' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( '..' ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( '..' ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . includes ( '..' ) ) fs . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( pathModule . isAbsolute ( path ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path . includes ( '..' ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . includes ( '..' ) && ! 
pathModule . isAbsolute ( path ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`fs . 
readFileSync ( normalizedPath ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`if ( normalizedPath . 
startsWith ( '/home/user/www' ) normalizedPath . startsWith ( '/home/user/public' ) ) fs . readFileSync ( normalizedPath ) ; else fs . readFileSync ( normalizedPath ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`fs . 
readFileSync ( normalizedPath ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) && ! 
path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) && ! 
path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( abs . indexOf ( root ) !== 0 ) { fs . 
readFileSync ( path ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`requestPath `\|`{ targetPath = rootPath ; fs . 
readFileSync ( requestPath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`gracefulFs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fsExtra . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`originalFs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`getFsModule ( true ) . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`getFsModule ( false ) . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( ./my-fs-module ) . require ( true ) . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`flexibleModuleName . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`util . promisify ( fs . readFileSync ) ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( bluebird ) . promisify ( fs . readFileSync ) ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( bluebird ) . promisifyAll ( fs ) . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`asyncFS . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`await page . pdf ( { path : tainted , format : 'a4' } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`for ( let i = 0 ; i < something ( ) ; i ++ ) { pages [ i ] . screenshot ( { path : tainted } ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub `\|`fs . readFileSync ( obj . sub ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub3 `\|`fs . readFileSync ( obj . sub3 ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`obj . sub4 = fs . readFileSync ( obj . sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`obj . sub4 = fs . readFileSync ( obj . sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | path injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`fs . readFileSync ( obj . sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ 'public' , path ] . join ( '/' ) `\|`res . write ( fs . readFileSync ( [ 'public' , path ] . join ( '/' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`parts . join ( '/' ) `\|`res . write ( fs . readFileSync ( parts . join ( '/' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( module ) `\|`app . get ( '/some/path' , function ( req , res ) { var m = require ( req . param ( module ) ) ; } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( gimme ) `\|`res . sendFile ( req . param ( gimme ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( gimme ) `\|`res . sendfile ( req . 
param ( gimme ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( dir ) `\|`res . sendFile ( req . 
param ( file ) , { root : req . param ( dir ) } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`homeDir + '/data/' + req . params . x `\|`res . 
sendFile ( homeDir + '/data/' + req . params . x ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'data/' + req . params . x `\|`res . 
sendfile ( 'data/' + req . params . x ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . resolve ( 'data' , req . params . x ) `\|`res . 
sendFile ( path . resolve ( 'data' , req . params . x ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . join ( 'data' , req . params . x ) `\|`res . 
sendfile ( path . join ( 'data' , req . params . x ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`homeDir + path . join ( 'data' , req . params . 
x ) `\|`res . sendFile ( homeDir + path . join ( 'data' , req . params . x ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( i , j ) `\|`fs . 
readFileSync ( path . substring ( i , j ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( 4 ) `\|`fs . readFileSync ( path . 
substring ( 4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( 0 , i ) `\|`fs . 
readFileSync ( path . substring ( 0 , i ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substr ( 4 ) `\|`fs . readFileSync ( path . 
substr ( 4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . slice ( 4 ) `\|`fs . readFileSync ( path . 
slice ( 4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . concat ( unknown ) `\|`fs . 
readFileSync ( path . concat ( unknown ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`unknown . concat ( path ) `\|`fs . 
readFileSync ( unknown . concat ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`unknown . concat ( unknown , path ) `\|`fs . 
readFileSync ( unknown . concat ( unknown , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . trim ( ) `\|`fs . readFileSync ( path . 
trim ( ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . toLowerCase ( ) `\|`fs . readFileSync ( path . 
toLowerCase ( ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) `\|`fs . readFileSync ( path . 
split ( '/' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) [ 0 ] `\|`fs . 
readFileSync ( path . split ( '/' ) [ 0 ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) [ i ] `\|`fs . 
readFileSync ( path . split ( '/' ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( / // ) [ i ] `\|`fs . 
readFileSync ( path . split ( / // ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( ? ) [ 0 ] `\|`fs . readFileSync ( path . 
split ( ? ) [ 0 ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) [ i ] `\|`fs . 
readFileSync ( path . split ( unknown ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) . whatever `\|`fs . 
readFileSync ( path . split ( unknown ) . whatever ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) `\|`fs . readFileSync ( path . 
split ( unknown ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( ? ) [ i ] `\|`fs . readFileSync ( path . 
split ( ? ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc `\|`return fs . readFileSync ( loc ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path3 `\|`path3 &&= res . write ( fs . 
readFileSync ( path3 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path4 `\|`path4 ??= res . write ( fs . 
readFileSync ( path4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path6 `\|`res . write ( fs . 
readFileSync ( path6 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params [ 0 ] `\|`module . 
exports = ( req , res ) => res . render ( req . params [ 0 ] ) ; `\| |
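Review bot: every row of this .expected file carries the complete few-shot prompt (the whole `# Examples of security vulnerability sinks and non-sinks` table) in its last column, so the file repeats several kilobytes of identical text per known sink and any edit to the prompt rewrites every line; consider dropping `prompt` from the test's select, or checking it once in a separate single-row test. Also, the code in the prompt's Neighborhood column has lost its string delimiters (`dataType: json , type: POST`, `socket.on( game:create , ...)`, `fs . readFileSync ( path )`), so the model is shown snippets that are not valid JavaScript; worth confirming that this stripping is deliberate normalization rather than a tokenizer artefact.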


@@ -0,0 +1,26 @@
/*
* SurfaceKnownSinks.ql
*
* This test surfaces all the known sinks for each sink type, together with the codex prompt and the prediction codex
* returns for each sink. It can be used to determine how well codex reproduces the manual modeling for each sink type.
*/
private import javascript as JS
import extraction.NoFeaturizationRestrictionsConfig
private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
private import experimental.adaptivethreatmodeling.XssATM as XssAtm
private import experimental.adaptivethreatmodeling.EndpointScoring as EndpointScoring
from
AtmConfig::AtmConfig cfg, JS::DataFlow::PathNode sink, string prompt, string prediction,
string groundTruth
where
cfg.isKnownSink(sink.getNode()) and
EndpointScoring::ModelScoring::internalEnpointScores(sink.getNode(), prediction) and
EndpointScoring::ModelScoring::getEndpointPromptForAnyEndpoint(sink.getNode(), prompt) and
cfg.getASinkEndpointType().getDescription() = groundTruth
select cfg, cfg.getASinkEndpointType().getEncoding(), sink.getNode(), groundTruth, prediction,
prompt
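Review bot: `cfg.getASinkEndpointType()` is evaluated twice, once in `where` to bind `groundTruth` and once in `select` for the encoding, and the two occurrences are not correlated, so a config with more than one sink endpoint type would yield a cross product of encodings and descriptions; bind the endpoint type to a single variable in `from` and use it for both `getEncoding()` and `getDescription() = groundTruth`. Also `sink` is declared as `JS::DataFlow::PathNode` but only `sink.getNode()` is ever used, so declaring it as a plain `DataFlow::Node` avoids enumerating path nodes for no benefit, and `import extraction.NoFeaturizationRestrictionsConfig` has no visible use in the query, so if it is imported for its effect on featurization a short comment saying so would help readers.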


@@ -40,6 +40,19 @@ class Location extends @location {
)
}
/** Holds if this location starts before or at the same place as location `that`. */
pragma[inline]
predicate startsBeforeOrWith(Location that) {
exists(File f, int sl1, int sc1, int sl2, int sc2 |
locations_default(this, f, sl1, sc1, _, _) and
locations_default(that, f, sl2, sc2, _, _)
|
sl1 < sl2
or
sl1 = sl2 and sc1 <= sc2
)
}
/** Holds if this location ends after location `that`. */
pragma[inline]
predicate endsAfter(Location that) {
@@ -53,12 +66,34 @@ class Location extends @location {
)
}
/** Holds if this location ends after or at the same place as location `that`. */
pragma[inline]
predicate endsAfterOrWith(Location that) {
exists(File f, int el1, int ec1, int el2, int ec2 |
locations_default(this, f, _, _, el1, ec1) and
locations_default(that, f, _, _, el2, ec2)
|
el1 > el2
or
el1 = el2 and ec1 >= ec2
)
}
/**
* Holds if this location contains location `that`, meaning that it starts
* before and ends after it.
*/
predicate contains(Location that) { this.startsBefore(that) and this.endsAfter(that) }
/**
* Holds if this location contains location `that`, meaning that it starts
* before or at the same place and ends after or at the same place.
*/
pragma[inline]
predicate containsLoosely(Location that) {
this.startsBeforeOrWith(that) and this.endsAfterOrWith(that)
}
/** Holds if this location is empty. */
predicate isEmpty() { exists(int l, int c | locations_default(this, _, l, c, l, c - 1)) }
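Review bot: `predicate contains(Location that) { this.startsBefore(that) and this.endsAfter(that) }` is left without `pragma[inline]` while the new `containsLoosely` directly below it gets one, although both are one-line conjunctions of predicates that this change inlines; annotate both or neither so callers get consistent evaluation. The doc comment on `containsLoosely` should also name the other location, e.g. "starts before or at the same place as `that` and ends after or at the same place as `that`", matching the wording used for `contains`.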
@@ -72,6 +107,7 @@ class Location extends @location {
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
pragma[inline]
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
@@ -88,6 +124,7 @@ class Locatable extends @locatable {
File getFile() { result = this.getLocation().getFile() }
/** Gets this element's location. */
pragma[inline]
Location getLocation() {
// overridden by subclasses
none()
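Review bot: `pragma[inline]` on this base `getLocation()` only affects its own `none()` body; inlining is per definition, so each override needs its own annotation, as `FileLocatable` and `Token` receive in this change. Any other `getLocation()` override not touched here keeps its previous evaluation, so it is worth checking the remaining overrides of `Locatable.getLocation()` for consistency before relying on the pragma for performance.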
@@ -151,6 +188,7 @@ class Locatable extends @locatable {
* to `none()`, which is unhelpful.
*/
private class FileLocatable extends File, Locatable {
pragma[inline]
override Location getLocation() { result = File.super.getLocation() }
override string toString() { result = File.super.toString() }


@@ -17,6 +17,7 @@ import javascript
* ```
*/
class Token extends Locatable, @token {
pragma[inline]
override Location getLocation() { hasLocation(this, result) }
/** Gets the toplevel syntactic structure to which this token belongs. */