nodes
| XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName |
| tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:2:27:2:31 | query |
| tst2.js:2:27:2:31 | query |
| tst2.js:3:19:3:23 | query |
| tst2.js:3:19:3:23 | query |
| tst.js:6:7:6:37 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") |
| tst.js:6:17:6:37 | req.par ... rName") |
| tst.js:7:15:7:21 | tainted |
| tst.js:7:15:7:21 | tainted |
| tst.js:8:16:8:22 | tainted |
| tst.js:8:16:8:22 | tainted |
| tst.js:9:17:9:23 | tainted |
| tst.js:9:17:9:23 | tainted |
| tst.js:11:8:11:14 | tainted |
| tst.js:11:8:11:14 | tainted |
edges
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
#select
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | $@ flows here and is used in an XPath expression. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | User-provided value |
| tst2.js:2:27:2:31 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:2:27:2:31 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:34 | documen ... on.hash | User-provided value |
| tst2.js:3:19:3:23 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:3:19:3:23 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:34 | documen ... on.hash | User-provided value |
| tst.js:7:15:7:21 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:7:15:7:21 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
| tst.js:8:16:8:22 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:8:16:8:22 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
| tst.js:9:17:9:23 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:9:17:9:23 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
| tst.js:11:8:11:14 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:11:8:11:14 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |