Compare commits


14 Commits

Author SHA1 Message Date
tiferet
3af4e65695 Subsample sinks before scoring to avoid DCA timeouts 2022-12-09 16:04:59 -08:00
tiferet
a67886e0aa In-line predicates that are costing a lot of compute time 2022-12-09 15:03:34 -08:00
tiferet
f8336ce9be Add a test that can be used to determine the alerts codex will surface for each query. 2022-12-08 13:26:08 -08:00
tiferet
68da966732 Bug fixes for things that interfere with using the codex model 2022-12-08 12:45:58 -08:00
tiferet
61360577ba Add a test that can be used to determine how well codex reproduces the manual modeling for each sink type. 2022-12-07 17:50:57 -08:00
tiferet
099916f88f Fix endpointScores 2022-12-07 17:38:47 -08:00
tiferet
fbcfd523f4 Bug fix in selecting a node's location:
Locations only exist where there are locatable structures in the DB. Thus, select the largest location that contains the node and at most `neighborhoodSize` lines before and after the node.
2022-12-07 16:28:43 -08:00
tiferet
7a8715d1ef Give endpoint types more intuitive names and then use those names directly in composing the codex prompt. 2022-12-07 16:25:14 -08:00
tiferet
c92bc77b59 Further improve the structure of endpoint scoring 2022-12-06 17:01:29 -08:00
tiferet
3f1ca89bd3 Remove tokens from the prompt that the Java side can't handle 2022-12-06 16:37:11 -08:00
tiferet
2a324f5c5d Change the prompt to use sink names defined in EndpointType 2022-12-06 14:35:16 -08:00
tiferet
9a8b0d7fb2 Improve the structure of endpoint scoring 2022-12-06 12:28:49 -08:00
tiferet
dfbfa5d27d Pull in the prompt work from branch tiferet/codex-prompt 2022-12-06 12:27:51 -08:00
tiferet
4a2046476a Merge in aeisenberg/atm-codex 2022-12-06 11:22:36 -08:00
11 changed files with 866 additions and 22 deletions


@@ -63,6 +63,7 @@ class Location extends @location {
* For more information, see * For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/ */
pragma[inline]
predicate hasLocationInfo( predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn string filepath, int startline, int startcolumn, int endline, int endcolumn
) { ) {
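Review bot: The added `pragma[inline]` on `Location.hasLocationInfo` has no comment saying why this predicate is forced inline, and the same unexplained pragma is added to `hasLocationInfo` inside `module TaintedWithPath` in the next file section. Both look like shared library predicates rather than ATM-specific code, so the change presumably affects evaluation of every query that reports locations, not only the scoring queries this branch targets. I would put a line above each pragma such as `// Inlined because <measured reason>; applies to all callers of this predicate`, or keep the optimisation in an ATM-local wrapper. The predicate body continues outside the hunk.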


@@ -472,6 +472,7 @@ module TaintedWithPath {
* For more information, see * For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/ */
pragma[inline]
predicate hasLocationInfo( predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn string filepath, int startline, int startcolumn, int endline, int endcolumn
) { ) {


@@ -9,6 +9,7 @@ private import BaseScoring
private import EndpointFeatures as EndpointFeatures private import EndpointFeatures as EndpointFeatures
private import FeaturizationConfig private import FeaturizationConfig
private import EndpointTypes private import EndpointTypes
private import ModelPrompt as ModelPrompt
private string getACompatibleModelChecksum() { private string getACompatibleModelChecksum() {
availableMlModels(result, "javascript", _, "atm-endpoint-scoring") availableMlModels(result, "javascript", _, "atm-endpoint-scoring")
@@ -33,12 +34,45 @@ module ModelScoring {
result = any(FeaturizationConfig cfg).getAnEndpointToFeaturize() result = any(FeaturizationConfig cfg).getAnEndpointToFeaturize()
} }
private int getARequestedEndpointType() { result = any(EndpointType type).getEncoding() } predicate getEndpointPrompt(DataFlow::Node node, string prompt) {
node = getARequestedEndpoint() and
prompt = ModelPrompt::ModelPrompt::getPrompt(node)
}
predicate endpointScores(DataFlow::Node endpoint, int encodedEndpointType, float score) = predicate endpointScores(DataFlow::Node endpoint, int encodedEndpointType, float score) {
scoreEndpoints(getARequestedEndpoint/0, EndpointFeatures::tokenFeatures/3, endpoint = getSampleFromSampleRate(0.1) and
EndpointFeatures::getASupportedFeatureName/0, getARequestedEndpointType/0, exists(EndpointType endpointType |
getACompatibleModelChecksum/0)(endpoint, encodedEndpointType, score) endpointType.getEncoding() = encodedEndpointType and
internalEnpointScores(endpoint, endpointType.getDescription()) and
score = 1.0
)
}
bindingset[rate]
DataFlow::Node getSampleFromSampleRate(float rate) {
exists(int r |
result =
rank[r](DataFlow::Node n, string path, int a, int b, int c, int d |
n.asExpr().getLocation().hasLocationInfo(path, a, b, c, d)
|
n order by path, a, b, c, d
) and
r % (1 / rate).ceil() = 0
)
}
pragma[inline]
predicate internalEnpointScores(DataFlow::Node endpoint, string prediction) =
remoteScoreEndpoints(getEndpointPrompt/2)(endpoint, prediction)
// For debugging queries, don't limit these to effective sinks:
predicate getEndpointPromptForAnyEndpoint(DataFlow::Node node, string prompt) {
prompt = ModelPrompt::ModelPrompt::getPrompt(node)
}
pragma[inline]
predicate internalEnpointScoresForAnyEndpoint(DataFlow::Node endpoint, string prediction) =
remoteScoreEndpoints(getEndpointPromptForAnyEndpoint/2)(endpoint, prediction)
} }
/** /**
@@ -70,9 +104,7 @@ private float getScoreForSink(DataFlow::Node sink) {
} }
class EndpointScoringResults extends ScoringResults { class EndpointScoringResults extends ScoringResults {
EndpointScoringResults() { EndpointScoringResults() { this = "EndpointScoringResults" }
this = "EndpointScoringResults" and exists(getACompatibleModelChecksum())
}
/** /**
* Get ATM's confidence that a path between `source` and `sink` represents a security * Get ATM's confidence that a path between `source` and `sink` represents a security
@@ -125,15 +157,7 @@ class EndpointScoringResults extends ScoringResults {
// This restriction on `sink` has no semantic effect but improves performance. // This restriction on `sink` has no semantic effect but improves performance.
getCfg().isEffectiveSink(sink) and getCfg().isEffectiveSink(sink) and
exists(float sinkScore | exists(float sinkScore |
ModelScoring::endpointScores(sink, getCfg().getASinkEndpointType().getEncoding(), sinkScore) and ModelScoring::endpointScores(sink, getCfg().getASinkEndpointType().getEncoding(), sinkScore)
// Include the endpoint if (a) the query endpoint type scores higher than all other
// endpoint types, or (b) the query endpoint type scores at least
// 0.5 - (getCfg().getScoreCutoff() / 2).
sinkScore >=
[
max(float s | ModelScoring::endpointScores(sink, _, s)),
0.5 - getCfg().getScoreCutoff() / 2
]
) )
) )
} }
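Review bot: `getSampleFromSampleRate` ranks every `DataFlow::Node` whose `asExpr()` has a location, not the requested endpoints, so `endpoint = getSampleFromSampleRate(0.1)` in `endpointScores` does not keep one in ten candidate sinks. It keeps whichever candidates fall on every tenth expression node in the database and drops any endpoint that has no expression. For a security query this is a silent source of false negatives, because unsampled sinks are never scored and nothing in the results says so. I would restrict the ranked range by adding `n = getARequestedEndpoint() and` before the `hasLocationInfo` conjunct, and lift `0.1` into a named, documented predicate so the trade-off against the timeout is visible. Separately, `score = 1.0` combined with the dropped cutoff comparison in `EndpointScoringResults` reports every prediction at full confidence, which needs a comment if it is intentional.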


@@ -28,35 +28,35 @@ abstract class EndpointType extends TEndpointType {
/** The `Negative` class that can be predicted by endpoint scoring models. */ /** The `Negative` class that can be predicted by endpoint scoring models. */
class NegativeType extends EndpointType, TNegativeType { class NegativeType extends EndpointType, TNegativeType {
override string getDescription() { result = "Negative" } override string getDescription() { result = "non-sink" }
override int getEncoding() { result = 0 } override int getEncoding() { result = 0 }
} }
/** The `XssSink` class that can be predicted by endpoint scoring models. */ /** The `XssSink` class that can be predicted by endpoint scoring models. */
class XssSinkType extends EndpointType, TXssSinkType { class XssSinkType extends EndpointType, TXssSinkType {
override string getDescription() { result = "XssSink" } override string getDescription() { result = "xss sink" }
override int getEncoding() { result = 1 } override int getEncoding() { result = 1 }
} }
/** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */ /** The `NosqlInjectionSink` class that can be predicted by endpoint scoring models. */
class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType { class NosqlInjectionSinkType extends EndpointType, TNosqlInjectionSinkType {
override string getDescription() { result = "NosqlInjectionSink" } override string getDescription() { result = "nosql injection sink" }
override int getEncoding() { result = 2 } override int getEncoding() { result = 2 }
} }
/** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */ /** The `SqlInjectionSink` class that can be predicted by endpoint scoring models. */
class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType { class SqlInjectionSinkType extends EndpointType, TSqlInjectionSinkType {
override string getDescription() { result = "SqlInjectionSink" } override string getDescription() { result = "sql injection sink" }
override int getEncoding() { result = 3 } override int getEncoding() { result = 3 }
} }
/** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */ /** The `TaintedPathSink` class that can be predicted by endpoint scoring models. */
class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType { class TaintedPathSinkType extends EndpointType, TTaintedPathSinkType {
override string getDescription() { result = "TaintedPathSink" } override string getDescription() { result = "path injection sink" }
override int getEncoding() { result = 4 } override int getEncoding() { result = 4 }
} }


@@ -0,0 +1,116 @@
import javascript
import EndpointTypes as EndpointTypes
module ModelPrompt {
pragma[inline]
string getPrompt(DataFlow::Node endpoint) {
result = getTrainingSetPrompt() + getCurrentEndpointPrompt(endpoint)
}
/**
* Gets the beginning of the prompt, which contains the training examples, shuffled in random order.
* This part of the prompt was generated from examples that come from training repos rather than evaluation repos.
* These are diverse examples generated from a random selection of repos in the ATM training set.
* Each example is from a different repo. There are two examples of each sink type and eight non-sink examples, each
* from a different negative endpoint characteristic.
*/
private string getTrainingSetPrompt() {
result =
"# Examples of security vulnerability sinks and non-sinks\n|Dataflow node|Neighborhood|Classification|\n|---|---|---|\n|`WPUrls.ajaxurl`|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`[ handlebars ]`|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`|"
+ any(EndpointTypes::TaintedPathSinkType endpointType).getDescription() +
"|\n|`url`|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`_.bind(connection.createGame, this, socket)`|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`sql`|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`|"
+ any(EndpointTypes::SqlInjectionSinkType endpointType).getDescription() +
"|\n|` <style type= text/css id= shapely-style- + sufix + /> `|` if ( ! style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`|"
+ any(EndpointTypes::XssSinkType endpointType).getDescription() +
"|\n|`content`|` textBoxEditor(content) { console.log(content); } ngOnInit() {`|" +
any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`imageURL`|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`|"
+ any(EndpointTypes::XssSinkType endpointType).getDescription() +
"|\n|`{ roomId }`|` } const game = await Game.findOne({ roomId }); if (!game) {`|" +
any(EndpointTypes::NosqlInjectionSinkType endpointType).getDescription() +
"|\n|` SELECT owner, name, program FROM Programs WHERE name = + data + `|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`|"
+ any(EndpointTypes::SqlInjectionSinkType endpointType).getDescription() +
"|\n|`listenToServer`|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`negativeYearString`|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`__dirname`|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`|"
+ any(EndpointTypes::TaintedPathSinkType endpointType).getDescription() +
"|\n|`certificateId`|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`|"
+ any(EndpointTypes::NosqlInjectionSinkType endpointType).getDescription() +
"|\n|`{encoding: utf8 }`|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() +
"|\n|`depth`|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`|"
+ any(EndpointTypes::NegativeType endpointType).getDescription() + "|\n"
}
/**
* Gets the last line of the prompt, containing the current endpoint.
* TODO
*/
private string getCurrentEndpointPrompt(DataFlow::Node endpoint) {
result = "|`" + tokenizeEndpoint(endpoint) + "`|`" + tokenizeNeighborhood(endpoint, 2) + "`|"
}
/**
* Gets the reconstructed source code text for a range of locations.
* TODO: This excludes comments
* TODO: Don't add a space if the current or previous token is a period.
*/
string tokenize(Location location) {
result =
strictconcat(Token token |
location.containsLoosely(token.getLocation())
|
token
.getValue()
.replaceAll("\"", " ")
.replaceAll("\\", " ")
.replaceAll("\n", " ")
.replaceAll("\r", " ")
.replaceAll("|", " ")
.replaceAll("`", " ") +
// Use space as the separator, since that is most likely.
// May not be an exact reconstruction, e.g. if the code
// had newlines between successive tokens.
" "
order by
token.getLocation().getStartLine(), token.getLocation().getStartColumn()
)
}
/**
* Gets the reconstructed source code text for `node`.
*/
string tokenizeEndpoint(DataFlow::Node node) {
result = tokenize(node.getAstNode().getLocation())
}
/**
* Gets the reconstructed source code text for the neighborhood around `node`, including `neighborhoodSize` lines
* before and `neighborhoodSize` lines after `node`.
*/
bindingset[neighborhoodSize]
string tokenizeNeighborhood(DataFlow::Node node, int neighborhoodSize) {
result =
tokenize(max(Location loc |
// Select the largest neighborhood that contains `node` and at most `neighborhoodSize` lines before and after
// `node`.
loc.getFile() = node.getAstNode().getLocation().getFile() and
loc.containsLoosely(node.getAstNode().getLocation()) and
loc.getStartLine() >= node.getAstNode().getLocation().getStartLine() - neighborhoodSize and
loc.getEndLine() <= node.getAstNode().getLocation().getEndLine() + neighborhoodSize
|
loc
order by
loc.getNumLines(), loc.getEndColumn() - loc.getStartColumn(), loc.getEndColumn(),
loc.getStartColumn() desc
))
}
}
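Review bot: `tokenize` places text from the analysed repository directly into the model prompt, and its `replaceAll` chain removes only the characters that would break the Markdown table (double quotes, backslashes, newlines, `|` and backticks), so identifiers and string-literal contents still reach the model as free text. Because the classification decides whether a sink is reported, code under analysis can influence its own verdict through that text, and string literals holding credentials would leave the machine if the scorer is remote, as the `remoteScoreEndpoints` call elsewhere in this compare suggests. The neighbourhood also has no size bound, so a long minified line inside the two-line window yields an arbitrarily large prompt. I would document these limits on `getCurrentEndpointPrompt` in place of the bare `TODO`, and consider replacing string-literal token values with a fixed placeholder and truncating the result before it is concatenated.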


@@ -0,0 +1,157 @@
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | autogenerated/Xss/DomBasedXss/jquery.js:2:17:2:40 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | autogenerated/Xss/DomBasedXss/sanitiser.js:16:17:16:27 | window.name | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | autogenerated/Xss/DomBasedXss/tst.js:31:10:31:33 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | autogenerated/Xss/DomBasedXss/tst.js:46:21:46:44 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:2:16:2:39 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:17:20:40 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:21:19:21:26 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | autogenerated/TaintedPath/pupeteer.js:5:28:5:53 | parseTo ... t).name | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | autogenerated/TaintedPath/pupeteer.js:5:28:5:53 | parseTo ... t).name | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | autogenerated/Xss/DomBasedXss/nodemailer.js:13:50:13:66 | req.query.message | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | autogenerated/Xss/DomBasedXss/tst.js:197:19:197:42 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | autogenerated/Xss/DomBasedXss/tst.js:197:19:197:42 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | autogenerated/Xss/DomBasedXss/tst.js:355:19:355:42 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 |
| NosqlInjectionAtmConfig | 2 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:8:16:8:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:8:16:8:34 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:46:8:60 | $routeParams.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:46:10:58 | req.params.id | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:55 | window.location.hash | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | autogenerated/Xss/DomBasedXss/tst3.js:2:42:2:63 | window. ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | autogenerated/Xss/ExceptionXss/exception-xss.js:146:12:146:35 | documen ... .search | 1.0 |
| SqlInjectionAtmConfig | 3 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:13:22:13:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:21:22:21:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:13:19:13:26 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:13:19:13:26 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:70:13:70:25 | req.query.tag | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:115:11:115:22 | req.query.id | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:10:22:10:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:29 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:25:13:32 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:7:16:7:34 | req.params.category | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:73:42:73:55 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | autogenerated/Xss/DomBasedXss/nodemailer.js:12:50:12:66 | req.query.message | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | 1.0 |
| TaintedPathAtmConfig | 4 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | 1.0 |


@@ -0,0 +1,22 @@
/*
* ATMQuery.ql
*
* This test surfaces the endpoints that pass the endpoint filters and have flow from a source for each query config,
* and which codex predicts to in fact be sinks for the relevant sink type. It can be used to determine the alerts codex
* will surface for each query.
*/
private import javascript as JS
import extraction.NoFeaturizationRestrictionsConfig
private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
private import experimental.adaptivethreatmodeling.XssATM as XssAtm
private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomATM
import experimental.adaptivethreatmodeling.AdaptiveThreatModeling::ATM::ResultsInfo as AtmResultsInfo
from
AtmConfig::AtmConfig cfg, JS::DataFlow::PathNode source, JS::DataFlow::PathNode sink, float score
where cfg.hasBoostedFlowPath(source, sink, score)
select cfg, cfg.getASinkEndpointType().getEncoding(), sink.getNode(), source.getNode(), score
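Review bot: The second column of the `select` takes `cfg.getASinkEndpointType().getEncoding()` from the config alone, so it is not tied to the `sink` on that row; if a config ever has more than one sink endpoint type (the `getA…` name suggests it may), every flow path would be emitted once per type and the expected file would no longer show which type the model assigned. I would state the assumption next to the query, e.g. `// Assumes each AtmConfig has exactly one sink endpoint type; the encoding column identifies the config, not the prediction for this sink.` The header comment also says the rows are endpoints codex predicts to be sinks, while the `where` clause only calls `cfg.hasBoostedFlowPath(source, sink, score)`, so it would help to say in the comment that the prediction is applied inside that predicate (presumably; its definition is not in this file). As a style point, the alias `XssThroughDomATM` should be `XssThroughDomAtm` to match the other four import aliases.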


@@ -0,0 +1,458 @@
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`event . data `\|`this . 
addEventListener ( 'message' , function ( event ) { document . write ( event . data ) ; } ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data `\|`this . 
addEventListener ( 'message' , function ( { data } ) { document . write ( data ) ; } ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`event . 
data `\|`function foo ( x , event , y ) { document . write ( x . data ) ; document . write ( event . data ) ; document . write ( y . data ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`\u0275getDOM ( ) . getLocation ( ) . href `\|`this . 
sanitizer . bypassSecurityTrustHtml ( \u0275getDOM ( ) . getLocation ( ) . href ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . params . foo `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . params . foo ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . queryParams . foo `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . queryParams . foo ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . fragment `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . fragment ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . paramMap . 
get ( 'foo' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . paramMap . get ( 'foo' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . queryParamMap . 
get ( 'foo' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . queryParamMap . get ( 'foo' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`map . get ( 'foo' ) `\|`this . route . paramMap . 
subscribe ( map => { this . sanitizer . bypassSecurityTrustHtml ( map . get ( 'foo' ) ) ; } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . path `\|`this . 
sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . path ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameters . 
x `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameters . x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameterMap . 
get ( 'x' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameterMap . get ( 'x' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameterMap . 
params . x `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameterMap . params . x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . router . url `\|`this . sanitizer . 
bypassSecurityTrustHtml ( this . router . url ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . router . url `\|`this . sanitizer2 . 
bypassSecurityTrustHtml ( this . router . url ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`routeSnapshot . paramMap . 
get ( 'foo' ) `\|`someMethod ( routeSnapshot : ActivatedRouteSnapshot ) { this . sanitizer . bypassSecurityTrustHtml ( routeSnapshot . paramMap . get ( 'foo' ) ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ classNames ( window . 
name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ classNames ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ classNamesD ( window . 
name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ classNamesD ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ classNamesB ( window . 
name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ classNamesB ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ unsafeStyle ( 'foo' ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ unsafeStyle ( 'foo' ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ safeStyle ( window . 
name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ safeStyle ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <span class= ${ clsx ( window . 
name ) } >Hello<span> `\|`document . body . innerHTML = <span class= ${ clsx ( window . name ) } >Hello<span> ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`getTaint ( ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`d => getTaint ( ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`d => getTaint ( ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`selection . attr ( 'foo' , 'bar' ) . 
html ( getTaint ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateFns . 
format ( time , taint ) } `\|`document . body . innerHTML = Time is ${ dateFns . format ( time , taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateFnsEsm . 
format ( time , taint ) } `\|`document . body . innerHTML = Time is ${ dateFnsEsm . format ( time , taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateFnsFp . 
format ( taint ) ( time ) } `\|`document . body . innerHTML = Time is ${ dateFnsFp . format ( taint ) ( time ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ moment ( time ) . 
format ( taint ) } `\|`document . body . innerHTML = Time is ${ moment ( time ) . format ( taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Time is ${ dateformat ( time , taint ) } `\|`document . body . innerHTML = Time is ${ dateformat ( time , taint ) } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<h2><a href= ' + location . 
href + ' >A link</a></h2>' `\|`document . getElementById ( 'my-id' ) . onclick = function ( ) { this . parentNode . innerHTML = '<h2><a href= ' + location . href + ' >A link</a></h2>' ; } ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( wobble ) `\|`new JSDOM ( req . 
param ( wobble ) , { runScripts : dangerously } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`$ ( tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= + tainted + > `\|`$ ( <div id= + tainted + > ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` XSS: + tainted `\|`$ ( body ) . 
html ( XSS: + tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location . hash `\|`$ ( window . location . 
hash ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ... "</b>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <b> + location . 
toString ( ) + </b> `\|`$ ( <b> + location . toString ( ) + </b> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . 
hash ) `\|`elm . innerHTML = decodeURIComponent ( window . location . hash ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . 
search ) `\|`elm . innerHTML = decodeURIComponent ( window . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . 
toString ( ) ) `\|`elm . innerHTML = decodeURIComponent ( window . location . toString ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decoded . foo `\|`jwt . 
verify ( taint , 'my-secret-key' , function ( err , decoded ) { new JSDOM ( decoded . foo , { runScripts : dangerously } ) ; } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` Hi, you got a message from someone. ${ req . query . 
message } . `\|`html : Hi, you got a message from someone. ${ req . query . message } . `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`$ ( 'myId' ) . html ( tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`x `\|`$ ( 'myId' ) . html ( x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted2 `\|`$ ( 'myId' ) . html ( tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted2 `\|`$ ( 'myId' ) . html ( tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted3 `\|`$ ( 'myId' ) . html ( tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted3 `\|`$ ( 'myId' ) . html ( tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`sanitize ? 
sanitizeBad ( target ) : target `\|`$ ( 'myId' ) . html ( sanitize ? sanitizeBad ( target ) : target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`app . 
get ( '/some/path' , function ( req , res ) { let tainted = req . param ( code ) ; < WebView html = { tainted } / > ; < WebView source = { { html : tainted } } / > ; } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`< WebView source = { { html : tainted } } / > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . 
name `\|`export function useDoc1 ( ) { let { root } = useMyContext ( ) ; root . appendChild ( window . name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`foo ( ) { let { root } = this . 
context ; root . appendChild ( window . name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`function initialState ( ) { let [ state , setState ] = useState ( window . name ) ; return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prev `\|`setState ( prev => { document . body . 
innerHTML = prev ; } ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . 
innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . 
innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . 
innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . 
innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . 
innerHTML = '<b>' + tainted + '</b>' ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted . replace ( /< w+/g , '' ) `\|`elt . 
innerHTML = tainted . replace ( /< w+/g , '' ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`sessionStorage . 
getItem ( 'session' ) `\|`$ ( 'myId' ) . html ( sessionStorage . getItem ( 'session' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`localStorage . getItem ( 'local' ) `\|`$ ( 'myId' ) . 
html ( localStorage . getItem ( 'local' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <a href= + href + >foobar</a> `\|`$ ( 'myId' ) . 
html ( <a href= + href + >foobar</a> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location `\|`document . write ( document . 
location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href `\|`document . 
write ( document . location . href ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . valueOf ( ) `\|`document . 
write ( document . location . href . valueOf ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . sup ( ) `\|`document . 
write ( document . location . href . sup ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . 
toUpperCase ( ) `\|`document . write ( document . location . href . toUpperCase ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . 
trimLeft ( ) `\|`document . write ( document . location . href . trimLeft ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`String . fromCharCode ( document . location . 
href ) `\|`document . write ( String . fromCharCode ( document . location . href ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`String ( document . location . href ) `\|`document . 
write ( String ( document . location . href ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`searchParams . 
get ( 'term' ) `\|`$ ( 'original-term' ) . html ( searchParams . get ( 'term' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . src `\|`foo . setAttribute ( src , data . 
src ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttribute ( HREF , data . 
p ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttribute ( xlink:href , data . 
p ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . 
setAttributeNS ( 'xlink' , 'href' , data . p ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . 
setAttributeNS ( 'foobar' , 'href' , data . p ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <OPTION value=1> + document . location . href . 
substring ( document . location . href . indexOf ( default= ) + 8 ) + </OPTION> `\|`document . write ( <OPTION value=1> + document . location . href . substring ( document . location . href . indexOf ( default= ) + 8 ) + </OPTION> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ... 'px">' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<div style= width:' + target + 'px >' `\|`$ ( '<div style= width:' + target + 'px >' ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`params . get ( 'name' ) `\|`$ ( 'name' ) . 
html ( params . get ( 'name' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`searchParams . get ( 'name' ) `\|`$ ( 'name' ) . 
html ( searchParams . get ( 'name' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`function foo ( target ) { $ ( 'myId' ) . 
html ( target ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`bar ( ) `\|`$ ( 'myId' ) . html ( bar ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`baz ( document . location . search ) `\|`$ ( 'myId' ) . 
html ( baz ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`wrap ( document . location . 
search ) `\|`$ ( 'myId' ) . html ( wrap ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`chop ( document . location . 
search ) `\|`$ ( 'myId' ) . html ( chop ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`chop ( document . location . 
search ) `\|`$ ( 'myId' ) . html ( chop ( document . location . search ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`wrap ( chop ( bar ( ) ) ) `\|`$ ( 'myId' ) . 
html ( wrap ( chop ( bar ( ) ) ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`s `\|`function dangerouslySetInnerHtml ( s ) { $ ( 'myId' ) . html ( s ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`bar ( ) `\|`$ ( 'myId' ) . html ( bar ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`x `\|`if ( x ) $ ( 'myId' ) . html ( x ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`let s = < span dangerouslySetInnerHTML = { { __html : document . location . search } } / > ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . 
trustAsHtml ( document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . 
trustAsCss ( document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . 
trustAs ( $sce . HTML , document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . 
trustAs ( $sce . CSS , document . location . search ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`function ( ) { angular . element ( '<div>' ) . html ( document . location . search ) ; angular . element ( '<div>' ) . html ( 'SAFE' ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`link : function ( scope , element ) { element . html ( document . location . search ) ; element . html ( 'SAFE' ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . 
search `\|`function ( ) { angular . element ( document . location . search ) ; angular . element ( 'SAFE' ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`document . write ( v ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`document . write ( v ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`function ( ) { return function ( v ) { $ ( <div> ) . html ( v ) ; } } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`xssSourceService ( ) `\|`[ xssSourceService , function ( xssSourceService ) { $ ( <div> ) . html ( xssSourceService ( ) ) ; } ] `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`parser . 
parseFromString ( target , application/xml ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . body . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . createElement ( ) . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`createElement ( ) . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . 
getElementsByClassName ( ) [ 0 ] . innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`getElementsByClassName ( ) [ 0 ] . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`getElementsByClassName ( ) . item ( ) . 
innerHTML = tainted ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`React . 
createElement ( div , { dangerouslySetInnerHTML : { __html : tainted } } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`React . 
createFactory ( div ) ( { dangerouslySetInnerHTML : { __html : tainted } } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted1 `\|`$ ( 'myId' ) . 
html ( this . state . tainted1 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted2 `\|`$ ( 'myId' ) . 
html ( this . state . tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted3 `\|`$ ( 'myId' ) . 
html ( this . state . tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prevState . tainted4 `\|`this . 
setState ( prevState => { $ ( 'myId' ) . html ( prevState . tainted4 ) } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted1 `\|`$ ( 'myId' ) . 
html ( this . props . tainted1 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted2 `\|`$ ( 'myId' ) . 
html ( this . props . tainted2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted3 `\|`$ ( 'myId' ) . 
html ( this . props . tainted3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prevProps . tainted4 `\|`this . 
setState ( ( prevState , prevProps ) => { $ ( 'myId' ) . html ( prevProps . tainted4 ) } ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . 
stateTainted `\|`render ( ) { return < span dangerouslySetInnerHTML = { { __html : this . state . stateTainted } } / > ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . 
name `\|`function windowName ( ) { $ ( window . name ) ; $ ( name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`name `\|`function windowName ( ) { $ ( window . 
name ) ; $ ( name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . 
name `\|`for ( name of [ 'a' , 'b' ] ) { $ ( window . name ) ; $ ( name ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`$ ( location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location `\|`$ ( window . location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location `\|`$ ( document . 
location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc1 `\|`$ ( loc1 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc2 `\|`$ ( loc2 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc3 `\|`$ ( loc3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`$ ( body ) . append ( location ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`var documentFragment = range . 
createContextualFragment ( tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`e `\|`catch ( e ) { $ ( body ) . append ( e ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`e `\|`catch ( e ) { $ ( body ) . append ( e ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`function handlebarsSafeString ( ) { return new Handlebars . SafeString ( location ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`params . get ( 'name' ) `\|`$ ( 'name' ) . 
html ( params . get ( 'name' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getUrl ( ) . hash . 
substring ( 1 ) `\|`$ ( getUrl ( ) . hash . substring ( 1 ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`function growl ( ) { var target = document . 
location . search $ . jGrowl ( target ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`this . html ( target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`this . innerHTML = target ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`e . innerHTML = target ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint `\|`$ ( 'myId' ) . html ( target . 
taint ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint3 `\|`$ ( 'myId' ) . html ( target . 
taint3 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint5 `\|`$ ( 'myId' ) . html ( target . 
taint5 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint7 `\|`$ ( 'myId' ) . html ( target . 
taint7 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint8 `\|`$ ( 'myId' ) . html ( target . 
taint8 ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`payload `\|`document . write ( payload ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`match [ 1 ] `\|`if ( match ) { document . 
write ( match [ 1 ] ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location . hash . 
split ( '#' ) [ 1 ] `\|`document . write ( window . location . hash . split ( '#' ) [ 1 ] ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . 
replace ( /<metadata>[ s S]*< /metadata>/ , '<metadata></metadata>' ) `\|`$ ( #foo ) . html ( target . replace ( /<metadata>[ s S]*< /metadata>/ , '<metadata></metadata>' ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`val `\|`templates : { suggestion : function ( val ) { return val ; } } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div> + tainted + </div> `\|`$ ( <div> + tainted + </div> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div> ${ tainted } </div> `\|`$ ( <div> ${ tainted } </div> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div> . concat ( tainted ) . 
concat ( </div> ) `\|`$ ( <div> . concat ( tainted ) . concat ( </div> ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ <div> , tainted , </div> ] . 
join ( ) `\|`$ ( [ <div> , tainted , </div> ] . join ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ... "\\"/>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= + tainted + /> `\|`$ ( <div id= + tainted + /> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= ${ tainted } /> `\|`$ ( <div id= ${ tainted } /> ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id= . concat ( tainted ) . 
concat ( /> ) `\|`$ ( <div id= . concat ( tainted ) . concat ( /> ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ <div id= , tainted , /> ] . 
join ( ) `\|`$ ( [ <div id= , tainted , /> ] . join ( ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`indirection1 ( document . location . search . 
attrs ) `\|`$ ( indirection1 ( document . location . search . attrs ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`indirection2 ( document . location . search . 
attrs ) `\|`$ ( indirection2 ( document . location . search . attrs ) ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`function test ( elt ) { var tainted = document . location . search . substring ( 1 ) ; WinJS . Utilities . setInnerHTMLUnsafe ( elt , tainted ) ; WinJS . Utilities . setOuterHTMLUnsafe ( elt , tainted ) ; } `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`WinJS . Utilities . 
setOuterHTMLUnsafe ( elt , tainted ) ; `\| |
| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`foo `\|`$ ( 'myId' ) . html ( foo ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( checkSchema ( query ) ) { doc . 
find ( query ) ; } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( ajv . 
validate ( schema , query ) ) { doc . find ( query ) ; } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( validate ( query ) ) { doc . 
find ( query ) ; } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . myDoc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ tags : tag } `\|`{ tags : tag } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ tags : tag } `\|`{ tags : tag } `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ query ] `\|`Document . aggregate ( [ query ] ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . count ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . deleteMany ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . deleteOne ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . distinct ( 'type' , query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndDelete ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndRemove ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndUpdate ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . replaceOne ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . update ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . updateMany ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . updateOne ( query ) . 
then ( X ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
findByIdAndUpdate ( X , query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new Mongoose . Query ( X , Y , query ) . 
and ( query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new Mongoose . Query ( X , Y , query ) . 
and ( query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . 
where ( query ) . and ( query ) `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . 
where ( query ) . and ( query ) . or ( query ) `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . 
where ( query ) . and ( query ) . or ( query ) . distinct ( X , query ) `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Mongoose . createConnection ( X ) . 
model ( Y ) . count ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Mongoose . createConnection ( X ) . 
models [ Y ] . count ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
findOne ( X , ( err , res ) => res . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X ) . 
exec ( ( err , res ) => res . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X ) . 
then ( ( res ) => res . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
find ( X , ( err , res ) => res [ i ] . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X ) . 
exec ( ( err , res ) => res [ i ] . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X ) . 
then ( ( res ) => res [ i ] . count ( query ) ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new C ( X , Y , query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . 
findOneAndUpdate ( X , query , function ( ) { } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . deleteMany ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . deleteOne ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . geoSearch ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . remove ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . replaceOne ( cond , Y ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . find ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOne ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`id `\|`Document . findById ( id ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOneAndDelete ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOneAndRemove ( cond ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . 
findOneAndUpdate ( cond , Y ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . update ( cond , Y ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . updateMany ( cond , Y ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . updateOne ( cond , Y ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ _id : id } `\|`Document . 
find ( { _id : id } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( query ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ id : v } `\|`MyModel . find ( { id : v } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ id : req . body . id } `\|`MyModel . 
find ( { id : req . body . id } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . body . key `\|`client . set ( req . body . 
key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . set ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . 
hmset ( key , field , value , key , value2 ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`key `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . 
duplicate ( ( err , newClient ) => { newClient . set ( key , value ) ; } ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . duplicate ( ) . 
set ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . set ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`const foo1 = setAsync ( key , value ) ; `\| |
| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`const foo2 = client . 
setAsync ( key , value ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`taint `\|`onRequest ( req , res ) { let taint = req . 
params . x ; this . db . one ( taint ) ; res . end ( ) ; } `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . any ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . many ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . manyOrNone ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . map ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . multi ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . multiResult ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . none ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . one ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . oneOrNone ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . query ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . result ( query ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . one ( { text : query } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`db . 
one ( { text : 'SELECT * FROM news where id = $1:raw' , values : req . params . id , } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`db . 
one ( { text : 'SELECT * FROM news where id = $1^' , values : req . params . id , } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ req . params . id , req . params . name , req . 
params . foo , ] `\|`db . one ( { text : 'SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3' , values : [ req . params . id , req . params . name , req . params . foo , ] } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`req . params . id `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . name `\|`values : [ req . params . 
id , req . params . name , req . params . foo , ] `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | sql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`values : { id : req . params . 
id , name : req . params . name , } `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`id : req . params . id `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . title `\|`title : req . params . 
title `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . task ( t => { return t . 
one ( query ) ; } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . task ( { cnd : t => t . 
one ( query ) } , t => t . one ( query ) ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` INSERT INTO users(name) VALUES ${ handle } `\|`io . 
on ( 'connection' , ( socket ) => { socket . on ( 'newuser' , ( handle ) => { db . run ( INSERT INTO users(name) VALUES ${ handle } ) ; } ) ; } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` select * from mytable where id = ' + req . params . 
id + ' `\|`new sql . Request ( ) . query ( select * from mytable where id = ' + req . params . id + ' ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query1 `\|`pool . 
query ( query1 , [ ] , function ( err , results ) { } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'SELECT * FROM Post WHERE id = ' + $routeParams . 
id + ' ' `\|`angular . module ( 'myApp' , [ 'ngRoute' ] ) . controller ( 'FindPost' , function ( $routeParams ) { db . get ( 'SELECT * FROM Post WHERE id = ' + $routeParams . id + ' ' ) ; } ) ; `\| |
| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'SELECT * FROM Post WHERE id = ' + req . params . 
id + ' ' `\|`app . get ( '/post/:id' , function ( req , res ) { db . get ( 'SELECT * FROM Post WHERE id = ' + req . params . id + ' ' ) ; } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`join ( public , path ) `\|`res . 
write ( readFileSync ( join ( public , path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` /home/user/ + path `\|`res . write ( fs . 
readFileSync ( /home/user/ + path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path . indexOf ( secret ) == - 1 ) res . 
write ( fs . readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( fs . existsSync ( path ) ) res . 
write ( fs . readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path === 'foo.txt' path === 'bar.txt' someOpaqueCondition ( ) ) res . write ( fs . readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . basename ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . basename ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . dirname ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . dirname ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . extname ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . extname ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . join ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( x , y , path , z ) `\|`res . 
write ( fs . readFileSync ( pathModule . join ( x , y , path , z ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . normalize ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . normalize ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . relative ( x , path ) `\|`res . 
write ( fs . readFileSync ( pathModule . relative ( x , path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . relative ( path , x ) `\|`res . 
write ( fs . readFileSync ( pathModule . relative ( path , x ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . resolve ( path ) `\|`res . write ( fs . 
readFileSync ( pathModule . resolve ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . resolve ( x , y , path , z ) `\|`res . 
write ( fs . readFileSync ( pathModule . resolve ( x , y , path , z ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . toNamespacedPath ( path ) `\|`res . 
write ( fs . readFileSync ( pathModule . toNamespacedPath ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | path injection sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`Cookie . 
get ( unsafe ) `\|`function ( ) { return { templateUrl : Cookie . get ( unsafe ) } } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require ( querystringify ) . parse ( req . url ) . 
query `\|`res . write ( fs . readFileSync ( require ( querystringify ) . parse ( req . url ) . query ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require ( query-string ) . parse ( req . url ) . 
query `\|`res . write ( fs . readFileSync ( require ( query-string ) . parse ( req . url ) . query ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require ( querystring ) . parse ( req . url ) . 
query `\|`res . write ( fs . readFileSync ( require ( querystring ) . parse ( req . url ) . query ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . 
params [ 0 ] `\|`var views_local = ( req , res ) => res . render ( req . params [ 0 ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`fs . realpathSync ( path ) `\|`res . write ( fs . 
readFileSync ( fs . realpathSync ( path ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`realpath `\|`fs . 
realpath ( path , function ( err , realpath ) { res . write ( fs . readFileSync ( realpath ) ) ; } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( 'send' ) ( req , path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split . join ( / ) `\|`fs . readFileSync ( split . 
join ( / ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prefix + split [ split . length - 1 ] `\|`fs . 
readFileSync ( prefix + split [ split . length - 1 ] ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split [ x ] `\|`fs . readFileSync ( split [ x ] ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prefix + split [ x ] `\|`fs . 
readFileSync ( prefix + split [ x ] ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`concatted . join ( / ) `\|`fs . 
readFileSync ( concatted . join ( / ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`concatted2 . join ( / ) `\|`fs . 
readFileSync ( concatted2 . join ( / ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split . pop ( ) `\|`fs . readFileSync ( split . 
pop ( ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[ ] [*,;' <> ? /]/g , '' ) `\|`res . 
write ( fs . readFileSync ( path . replace ( /[ ] [*,;' <> ? /]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[abcd]/g , '' ) `\|`res . 
write ( fs . readFileSync ( path . replace ( /[abcd]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[./]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[./]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[foobar/foobar]/g , '' ) `\|`res . 
write ( fs . readFileSync ( path . replace ( /[foobar/foobar]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / //g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( / //g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . //g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( / . //g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[.]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[.]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[..]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[..]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / ./g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( / ./g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . . BLA/g , '' ) `\|`res . 
write ( fs . readFileSync ( path . replace ( / . . BLA/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[.]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[.]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[..]/g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( /[..]/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / ./g , '' ) `\|`res . write ( fs . 
readFileSync ( path . replace ( / ./g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . . BLA/g , '' ) `\|`res . 
write ( fs . readFileSync ( path . replace ( / . . BLA/g , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /^( . .[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /^( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /( . .[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /( . . /)+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /( . . /)+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + pathModule . normalize ( path ) . 
replace ( /( . . /)*/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + pathModule . normalize ( path ) . replace ( /( . . /)*/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix + path . replace ( /^( . 
.[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( prefix + path . replace ( /^( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . normalize ( path ) . replace ( /^( . 
.[ / ])+/ , '' ) `\|`res . write ( fs . readFileSync ( pathModule . normalize ( path ) . replace ( /^( . .[ / ])+/ , '' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'./' + path `\|`fs . 
readFileSync ( './' + path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + '/index.html' `\|`fs . 
readFileSync ( path + '/index.html' ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . 
readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'./' + path `\|`fs . 
readFileSync ( './' + path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + '/index.html' `\|`fs . 
readFileSync ( path + '/index.html' ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . 
readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( . ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( .. ) ) fs . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( ../ ) ) fs . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( .. + pathModule . 
sep ) ) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` ./ + path `\|`fs . readFileSync ( ./ + path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + /index.html `\|`fs . 
readFileSync ( path + /index.html ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( .. ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path [ 0 ] !== / && path [ 0 ] !== . 
) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . 
readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '.' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '.' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . 
readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( '..' ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( '..' ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . includes ( '..' ) ) fs . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( pathModule . isAbsolute ( path ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path . includes ( '..' ) ) fs . 
readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . includes ( '..' ) && ! 
pathModule . isAbsolute ( path ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`fs . 
readFileSync ( normalizedPath ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`if ( normalizedPath . 
startsWith ( '/home/user/www' ) normalizedPath . startsWith ( '/home/user/public' ) ) fs . readFileSync ( normalizedPath ) ; else fs . readFileSync ( normalizedPath ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`fs . 
readFileSync ( normalizedPath ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) && ! 
path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) && ! 
path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . 
readFileSync ( normalizedPath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( abs . indexOf ( root ) !== 0 ) { fs . 
readFileSync ( path ) ; return ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`requestPath `\|`{ targetPath = rootPath ; fs . 
readFileSync ( requestPath ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`gracefulFs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fsExtra . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`originalFs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`getFsModule ( true ) . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`getFsModule ( false ) . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( ./my-fs-module ) . 
require ( true ) . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`flexibleModuleName . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`util . promisify ( fs . 
readFileSync ) ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( bluebird ) . promisify ( fs . 
readFileSync ) ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( bluebird ) . promisifyAll ( fs ) . 
readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`asyncFS . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`await page . 
pdf ( { path : tainted , format : 'a4' } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . 
) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`for ( let i = 0 ; i < something ( ) ; i ++ ) { pages [ i ] . screenshot ( { path : tainted } ) ; } `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub `\|`fs . readFileSync ( obj . sub ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub3 `\|`fs . readFileSync ( obj . sub3 ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`obj . sub4 = fs . readFileSync ( obj . 
sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`obj . sub4 = fs . readFileSync ( obj . 
sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | path injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`fs . readFileSync ( obj . sub4 ) ? fs . 
readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ 'public' , path ] . join ( '/' ) `\|`res . 
write ( fs . readFileSync ( [ 'public' , path ] . join ( '/' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`parts . join ( '/' ) `\|`res . write ( fs . 
readFileSync ( parts . join ( '/' ) ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( module ) `\|`app . 
get ( '/some/path' , function ( req , res ) { var m = require ( req . param ( module ) ) ; } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( gimme ) `\|`res . sendFile ( req . 
param ( gimme ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( gimme ) `\|`res . sendfile ( req . 
param ( gimme ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param ( dir ) `\|`res . sendFile ( req . 
param ( file ) , { root : req . param ( dir ) } ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`homeDir + '/data/' + req . params . x `\|`res . 
sendFile ( homeDir + '/data/' + req . params . x ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'data/' + req . params . x `\|`res . 
sendfile ( 'data/' + req . params . x ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . resolve ( 'data' , req . params . x ) `\|`res . 
sendFile ( path . resolve ( 'data' , req . params . x ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . join ( 'data' , req . params . x ) `\|`res . 
sendfile ( path . join ( 'data' , req . params . x ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`homeDir + path . join ( 'data' , req . params . 
x ) `\|`res . sendFile ( homeDir + path . join ( 'data' , req . params . x ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( i , j ) `\|`fs . 
readFileSync ( path . substring ( i , j ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( 4 ) `\|`fs . readFileSync ( path . 
substring ( 4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( 0 , i ) `\|`fs . 
readFileSync ( path . substring ( 0 , i ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substr ( 4 ) `\|`fs . readFileSync ( path . 
substr ( 4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . slice ( 4 ) `\|`fs . readFileSync ( path . 
slice ( 4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . concat ( unknown ) `\|`fs . 
readFileSync ( path . concat ( unknown ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`unknown . concat ( path ) `\|`fs . 
readFileSync ( unknown . concat ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`unknown . concat ( unknown , path ) `\|`fs . 
readFileSync ( unknown . concat ( unknown , path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . trim ( ) `\|`fs . readFileSync ( path . 
trim ( ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . toLowerCase ( ) `\|`fs . readFileSync ( path . 
toLowerCase ( ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) `\|`fs . readFileSync ( path . 
split ( '/' ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) [ 0 ] `\|`fs . 
readFileSync ( path . split ( '/' ) [ 0 ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) [ i ] `\|`fs . 
readFileSync ( path . split ( '/' ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( / // ) [ i ] `\|`fs . 
readFileSync ( path . split ( / // ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( ? ) [ 0 ] `\|`fs . readFileSync ( path . 
split ( ? ) [ 0 ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) [ i ] `\|`fs . 
readFileSync ( path . split ( unknown ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) . whatever `\|`fs . 
readFileSync ( path . split ( unknown ) . whatever ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) `\|`fs . readFileSync ( path . 
split ( unknown ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( ? ) [ i ] `\|`fs . readFileSync ( path . 
split ( ? ) [ i ] ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc `\|`return fs . readFileSync ( loc ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . 
readFileSync ( path ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path3 `\|`path3 &&= res . write ( fs . 
readFileSync ( path3 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path4 `\|`path4 ??= res . write ( fs . 
readFileSync ( path4 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path6 `\|`res . write ( fs . 
readFileSync ( path6 ) ) ; `\| |
| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|` dataType: json , type: POST , url: WPUrls.ajaxurl, data: data, complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ; if (typeof define === function && define.amd) { define([ handlebars ], function(Handlebars) { return factory(Handlebars.default Handlebars); });`\|path injection sink\|\n\|`url`\|`} else { var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return ( +val+ ) ;}).join( )); return matcher.test(url); } }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) { socket.on( game:create , _.bind(connection.createGame, this, socket)); socket.on( game:spectate , _.bind(game.spectate, this, socket)); socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|` if (err) throw err; const sql = UPDATE customers SET address = Canyon 123 WHERE address = Valley 345 ; con.query(sql, function (err, result) { if (err) throw err; console.log(result.affectedRows + record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css id= shapely-style- + sufix + /> `\|` if ( ! 
style.length ) { style = $( head ).append( <style type= text/css id= shapely-style- + sufix + /> ).find( #shapely-style- + sufix ); }`\|xss sink\|\n\|`content`\|` textBoxEditor(content) { console.log(content); } ngOnInit() {`\|non-sink\|\n\|`imageURL`\|` <div id = mypost > <Link to ={ /post?id= + postId}> <img src={imageURL} alt= /> <div className= img_info > <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|` } const game = await Game.findOne({ roomId }); if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name = + data + `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name = + data + , function(err, row) { response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|` processCommand(cmd); } setTimeout(listenToServer, 0); } }`\|non-sink\|\n\|`negativeYearString`\|` return Date.prototype.toJSON && new Date(NaN).toJSON() === null && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1 && Date.prototype.toJSON.call({ // generic toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs .readdirSync(__dirname) .filter(function(file) { return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => { let certificateId = req.params.id; Certificates.findById(certificateId) .then(obj => { if (obj === null)`\|nosql injection sink\|\n\|`{encoding: utf8 }`\|`function updateChangelog() { var filename = path.resolve(__dirname, ../CHANGELOG.md ) , changelog = fs.readFileSync(filename, {encoding: utf8 }) , entry = new RegExp( ### ( + version + )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent = .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params [ 0 ] `\|`module . 
exports = ( req , res ) => res . render ( req . params [ 0 ] ) ; `\| |


@@ -0,0 +1,26 @@
/*
* SurfaceKnownSinks.ql
*
* This test surfaces all the known sinks for each sink type, together with the codex prompt and the prediction codex
* returns for each sink. It can be used to determine how well codex reproduces the manual modeling for each sink type.
*/
private import javascript as JS
import extraction.NoFeaturizationRestrictionsConfig
private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
private import experimental.adaptivethreatmodeling.XssATM as XssAtm
private import experimental.adaptivethreatmodeling.EndpointScoring as EndpointScoring
from
AtmConfig::AtmConfig cfg, JS::DataFlow::PathNode sink, string prompt, string prediction,
string groundTruth
where
cfg.isKnownSink(sink.getNode()) and
EndpointScoring::ModelScoring::internalEnpointScores(sink.getNode(), prediction) and
EndpointScoring::ModelScoring::getEndpointPromptForAnyEndpoint(sink.getNode(), prompt) and
cfg.getASinkEndpointType().getDescription() = groundTruth
select cfg, cfg.getASinkEndpointType().getEncoding(), sink.getNode(), groundTruth, prediction,
prompt
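Review bot: `cfg.getASinkEndpointType()` is evaluated separately in the `where` clause and in the `select`, so the encoding column is not tied to the endpoint type whose description is reported as `groundTruth`. For a config with more than one sink endpoint type this would pair every encoding with every description. Declaring one extra variable in `from` and binding it once, `t = cfg.getASinkEndpointType() and t.getDescription() = groundTruth`, then selecting `t.getEncoding()`, keeps the two columns consistent. The four `*ATM` imports are never referenced by name and presumably exist only to bring each query's config class into scope; a short comment such as `// imported so that every AtmConfig subclass is available to the query` would stop them being removed as unused.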


@@ -40,6 +40,19 @@ class Location extends @location {
) )
} }
/** Holds if this location starts before or at the same place as location `that`. */
pragma[inline]
predicate startsBeforeOrWith(Location that) {
exists(File f, int sl1, int sc1, int sl2, int sc2 |
locations_default(this, f, sl1, sc1, _, _) and
locations_default(that, f, sl2, sc2, _, _)
|
sl1 < sl2
or
sl1 = sl2 and sc1 <= sc2
)
}
/** Holds if this location ends after location `that`. */ /** Holds if this location ends after location `that`. */
pragma[inline] pragma[inline]
predicate endsAfter(Location that) { predicate endsAfter(Location that) {
@@ -53,12 +66,34 @@ class Location extends @location {
) )
} }
/** Holds if this location ends after or at the same place as location `that`. */
pragma[inline]
predicate endsAfterOrWith(Location that) {
exists(File f, int el1, int ec1, int el2, int ec2 |
locations_default(this, f, _, _, el1, ec1) and
locations_default(that, f, _, _, el2, ec2)
|
el1 > el2
or
el1 = el2 and ec1 >= ec2
)
}
/** /**
* Holds if this location contains location `that`, meaning that it starts * Holds if this location contains location `that`, meaning that it starts
* before and ends after it. * before and ends after it.
*/ */
predicate contains(Location that) { this.startsBefore(that) and this.endsAfter(that) } predicate contains(Location that) { this.startsBefore(that) and this.endsAfter(that) }
/**
* Holds if this location contains location `that`, meaning that it starts
* before or at the same place and ends after or at the same place.
*/
pragma[inline]
predicate containsLoosely(Location that) {
this.startsBeforeOrWith(that) and this.endsAfterOrWith(that)
}
/** Holds if this location is empty. */ /** Holds if this location is empty. */
predicate isEmpty() { exists(int l, int c | locations_default(this, _, l, c, l, c - 1)) } predicate isEmpty() { exists(int l, int c | locations_default(this, _, l, c, l, c - 1)) }
@@ -72,6 +107,7 @@ class Location extends @location {
* For more information, see * For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/ */
pragma[inline]
predicate hasLocationInfo( predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn string filepath, int startline, int startcolumn, int endline, int endcolumn
) { ) {
@@ -88,6 +124,7 @@ class Locatable extends @locatable {
File getFile() { result = this.getLocation().getFile() } File getFile() { result = this.getLocation().getFile() }
/** Gets this element's location. */ /** Gets this element's location. */
pragma[inline]
Location getLocation() { Location getLocation() {
// overridden by subclasses // overridden by subclasses
none() none()
@@ -151,6 +188,7 @@ class Locatable extends @locatable {
* to `none()`, which is unhelpful. * to `none()`, which is unhelpful.
*/ */
private class FileLocatable extends File, Locatable { private class FileLocatable extends File, Locatable {
pragma[inline]
override Location getLocation() { result = File.super.getLocation() } override Location getLocation() { result = File.super.getLocation() }
override string toString() { result = File.super.toString() } override string toString() { result = File.super.toString() }
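Review bot: The `pragma[inline]` annotations added to the existing `Location.hasLocationInfo`, `Locatable.getLocation` and `FileLocatable.getLocation` (and to `Token.getLocation` in the next file) change how these predicates are compiled at every call site, not only in the endpoint-scoring code this branch is tuning. They look like shared library predicates, and `Locatable.getLocation` is a `none()` root that subclasses override, so the effect on dispatch and on the join orders of unrelated queries should be measured before merging. Alternatively, drop these pragmas and put an inlined helper next to the scoring code. Separately, the new `startsBeforeOrWith`, `endsAfterOrWith` and `containsLoosely` hold only when both locations resolve to the same `File f`, which the doc comments do not mention; `containsLoosely` could add `* Both locations must be in the same file; a location loosely contains itself.`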


@@ -17,6 +17,7 @@ import javascript
* ``` * ```
*/ */
class Token extends Locatable, @token { class Token extends Locatable, @token {
pragma[inline]
override Location getLocation() { hasLocation(this, result) } override Location getLocation() { hasLocation(this, result) }
/** Gets the toplevel syntactic structure to which this token belongs. */ /** Gets the toplevel syntactic structure to which this token belongs. */