mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
302 lines
28 KiB
Plaintext
302 lines
28 KiB
Plaintext
nodes
|
|
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
|
|
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
|
|
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
|
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
|
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
|
|
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
|
|
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
|
|
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
|
|
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
|
|
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
|
| angularjs.js:10:22:10:36 | location.search |
|
|
| angularjs.js:10:22:10:36 | location.search |
|
|
| angularjs.js:10:22:10:36 | location.search |
|
|
| angularjs.js:13:23:13:37 | location.search |
|
|
| angularjs.js:13:23:13:37 | location.search |
|
|
| angularjs.js:13:23:13:37 | location.search |
|
|
| angularjs.js:16:28:16:42 | location.search |
|
|
| angularjs.js:16:28:16:42 | location.search |
|
|
| angularjs.js:16:28:16:42 | location.search |
|
|
| angularjs.js:19:22:19:36 | location.search |
|
|
| angularjs.js:19:22:19:36 | location.search |
|
|
| angularjs.js:19:22:19:36 | location.search |
|
|
| angularjs.js:22:27:22:41 | location.search |
|
|
| angularjs.js:22:27:22:41 | location.search |
|
|
| angularjs.js:22:27:22:41 | location.search |
|
|
| angularjs.js:25:23:25:37 | location.search |
|
|
| angularjs.js:25:23:25:37 | location.search |
|
|
| angularjs.js:25:23:25:37 | location.search |
|
|
| angularjs.js:28:33:28:47 | location.search |
|
|
| angularjs.js:28:33:28:47 | location.search |
|
|
| angularjs.js:28:33:28:47 | location.search |
|
|
| angularjs.js:31:28:31:42 | location.search |
|
|
| angularjs.js:31:28:31:42 | location.search |
|
|
| angularjs.js:31:28:31:42 | location.search |
|
|
| angularjs.js:34:18:34:32 | location.search |
|
|
| angularjs.js:34:18:34:32 | location.search |
|
|
| angularjs.js:34:18:34:32 | location.search |
|
|
| angularjs.js:40:18:40:32 | location.search |
|
|
| angularjs.js:40:18:40:32 | location.search |
|
|
| angularjs.js:40:18:40:32 | location.search |
|
|
| angularjs.js:44:17:44:31 | location.search |
|
|
| angularjs.js:44:17:44:31 | location.search |
|
|
| angularjs.js:44:17:44:31 | location.search |
|
|
| angularjs.js:47:16:47:30 | location.search |
|
|
| angularjs.js:47:16:47:30 | location.search |
|
|
| angularjs.js:47:16:47:30 | location.search |
|
|
| angularjs.js:50:22:50:36 | location.search |
|
|
| angularjs.js:50:22:50:36 | location.search |
|
|
| angularjs.js:50:22:50:36 | location.search |
|
|
| angularjs.js:53:32:53:46 | location.search |
|
|
| angularjs.js:53:32:53:46 | location.search |
|
|
| angularjs.js:53:32:53:46 | location.search |
|
|
| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
|
|
| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
|
|
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
|
|
| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") |
|
|
| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") |
|
|
| bad-code-sanitization.js:56:7:56:47 | taint |
|
|
| bad-code-sanitization.js:56:15:56:36 | [req.bo ... "foo"] |
|
|
| bad-code-sanitization.js:56:15:56:47 | [req.bo ... n("\\n") |
|
|
| bad-code-sanitization.js:56:16:56:23 | req.body |
|
|
| bad-code-sanitization.js:56:16:56:23 | req.body |
|
|
| bad-code-sanitization.js:56:16:56:28 | req.body.name |
|
|
| bad-code-sanitization.js:58:14:58:53 | `(funct ... nt)}))` |
|
|
| bad-code-sanitization.js:58:14:58:53 | `(funct ... nt)}))` |
|
|
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) |
|
|
| bad-code-sanitization.js:58:44:58:48 | taint |
|
|
| express.js:7:24:7:69 | "return ... + "];" |
|
|
| express.js:7:24:7:69 | "return ... + "];" |
|
|
| express.js:7:44:7:62 | req.param("wobble") |
|
|
| express.js:7:44:7:62 | req.param("wobble") |
|
|
| express.js:9:34:9:79 | "return ... + "];" |
|
|
| express.js:9:34:9:79 | "return ... + "];" |
|
|
| express.js:9:54:9:72 | req.param("wobble") |
|
|
| express.js:9:54:9:72 | req.param("wobble") |
|
|
| express.js:12:8:12:53 | "return ... + "];" |
|
|
| express.js:12:8:12:53 | "return ... + "];" |
|
|
| express.js:12:28:12:46 | req.param("wobble") |
|
|
| express.js:12:28:12:46 | req.param("wobble") |
|
|
| express.js:15:22:15:54 | req.par ... ction") |
|
|
| express.js:15:22:15:54 | req.par ... ction") |
|
|
| express.js:15:22:15:54 | req.par ... ction") |
|
|
| express.js:17:30:17:53 | req.par ... cript") |
|
|
| express.js:17:30:17:53 | req.par ... cript") |
|
|
| express.js:17:30:17:53 | req.par ... cript") |
|
|
| express.js:19:37:19:70 | req.par ... odule") |
|
|
| express.js:19:37:19:70 | req.par ... odule") |
|
|
| express.js:19:37:19:70 | req.par ... odule") |
|
|
| express.js:21:19:21:48 | req.par ... ntext") |
|
|
| express.js:21:19:21:48 | req.par ... ntext") |
|
|
| express.js:21:19:21:48 | req.par ... ntext") |
|
|
| module.js:9:16:9:29 | req.query.code |
|
|
| module.js:9:16:9:29 | req.query.code |
|
|
| module.js:9:16:9:29 | req.query.code |
|
|
| react-native.js:7:7:7:33 | tainted |
|
|
| react-native.js:7:17:7:33 | req.param("code") |
|
|
| react-native.js:7:17:7:33 | req.param("code") |
|
|
| react-native.js:8:32:8:38 | tainted |
|
|
| react-native.js:8:32:8:38 | tainted |
|
|
| react-native.js:10:23:10:29 | tainted |
|
|
| react-native.js:10:23:10:29 | tainted |
|
|
| react.js:10:56:10:77 | documen ... on.hash |
|
|
| react.js:10:56:10:77 | documen ... on.hash |
|
|
| react.js:10:56:10:77 | documen ... on.hash |
|
|
| template-sinks.js:12:9:12:31 | tainted |
|
|
| template-sinks.js:12:19:12:31 | req.query.foo |
|
|
| template-sinks.js:12:19:12:31 | req.query.foo |
|
|
| template-sinks.js:14:17:14:23 | tainted |
|
|
| template-sinks.js:14:17:14:23 | tainted |
|
|
| template-sinks.js:15:16:15:22 | tainted |
|
|
| template-sinks.js:15:16:15:22 | tainted |
|
|
| template-sinks.js:16:18:16:24 | tainted |
|
|
| template-sinks.js:16:18:16:24 | tainted |
|
|
| template-sinks.js:17:17:17:23 | tainted |
|
|
| template-sinks.js:17:17:17:23 | tainted |
|
|
| template-sinks.js:18:18:18:24 | tainted |
|
|
| template-sinks.js:18:18:18:24 | tainted |
|
|
| template-sinks.js:19:16:19:22 | tainted |
|
|
| template-sinks.js:19:16:19:22 | tainted |
|
|
| template-sinks.js:20:27:20:33 | tainted |
|
|
| template-sinks.js:20:27:20:33 | tainted |
|
|
| template-sinks.js:21:21:21:27 | tainted |
|
|
| template-sinks.js:21:21:21:27 | tainted |
|
|
| tst.js:2:6:2:27 | documen ... on.href |
|
|
| tst.js:2:6:2:27 | documen ... on.href |
|
|
| tst.js:2:6:2:83 | documen ... t=")+8) |
|
|
| tst.js:2:6:2:83 | documen ... t=")+8) |
|
|
| tst.js:5:12:5:33 | documen ... on.hash |
|
|
| tst.js:5:12:5:33 | documen ... on.hash |
|
|
| tst.js:5:12:5:33 | documen ... on.hash |
|
|
| tst.js:14:10:14:33 | documen ... .search |
|
|
| tst.js:14:10:14:33 | documen ... .search |
|
|
| tst.js:14:10:14:74 | documen ... , "$1") |
|
|
| tst.js:14:10:14:74 | documen ... , "$1") |
|
|
| tst.js:17:21:17:42 | documen ... on.hash |
|
|
| tst.js:17:21:17:42 | documen ... on.hash |
|
|
| tst.js:17:21:17:42 | documen ... on.hash |
|
|
| tst.js:20:30:20:51 | documen ... on.hash |
|
|
| tst.js:20:30:20:51 | documen ... on.hash |
|
|
| tst.js:20:30:20:51 | documen ... on.hash |
|
|
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
|
|
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
|
|
| tst.js:23:11:23:32 | documen ... on.hash |
|
|
| tst.js:23:11:23:32 | documen ... on.hash |
|
|
| tst.js:23:11:23:45 | documen ... ring(1) |
|
|
| tst.js:26:26:26:40 | location.search |
|
|
| tst.js:26:26:26:40 | location.search |
|
|
| tst.js:26:26:26:53 | locatio ... ring(1) |
|
|
| tst.js:26:26:26:53 | locatio ... ring(1) |
|
|
edges
|
|
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
|
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
|
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
|
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
|
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
|
|
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
|
|
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
|
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
|
|
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
|
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
|
|
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
|
|
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
|
|
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |
|
|
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search |
|
|
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search |
|
|
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search |
|
|
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search |
|
|
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search |
|
|
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search |
|
|
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search |
|
|
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search |
|
|
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search |
|
|
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search |
|
|
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search |
|
|
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
|
|
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
|
|
| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
|
|
| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
|
|
| bad-code-sanitization.js:56:7:56:47 | taint | bad-code-sanitization.js:58:44:58:48 | taint |
|
|
| bad-code-sanitization.js:56:15:56:36 | [req.bo ... "foo"] | bad-code-sanitization.js:56:15:56:47 | [req.bo ... n("\\n") |
|
|
| bad-code-sanitization.js:56:15:56:47 | [req.bo ... n("\\n") | bad-code-sanitization.js:56:7:56:47 | taint |
|
|
| bad-code-sanitization.js:56:16:56:23 | req.body | bad-code-sanitization.js:56:16:56:28 | req.body.name |
|
|
| bad-code-sanitization.js:56:16:56:23 | req.body | bad-code-sanitization.js:56:16:56:28 | req.body.name |
|
|
| bad-code-sanitization.js:56:16:56:28 | req.body.name | bad-code-sanitization.js:56:15:56:36 | [req.bo ... "foo"] |
|
|
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | bad-code-sanitization.js:58:14:58:53 | `(funct ... nt)}))` |
|
|
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | bad-code-sanitization.js:58:14:58:53 | `(funct ... nt)}))` |
|
|
| bad-code-sanitization.js:58:44:58:48 | taint | bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) |
|
|
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
|
|
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
|
|
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
|
|
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
|
|
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
|
|
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
|
|
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
|
|
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
|
|
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
|
|
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
|
|
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
|
|
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
|
|
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") |
|
|
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") |
|
|
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
|
|
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
|
|
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
|
|
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
|
|
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
|
|
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
|
|
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
|
|
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
|
|
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
|
|
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:14:17:14:23 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:14:17:14:23 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:15:16:15:22 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:15:16:15:22 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:16:18:16:24 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:16:18:16:24 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:17:17:17:23 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:17:17:17:23 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:18:18:18:24 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:18:18:18:24 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:19:16:19:22 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:19:16:19:22 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:20:27:20:33 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:20:27:20:33 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:21:21:21:27 | tainted |
|
|
| template-sinks.js:12:9:12:31 | tainted | template-sinks.js:21:21:21:27 | tainted |
|
|
| template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:12:9:12:31 | tainted |
|
|
| template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:12:9:12:31 | tainted |
|
|
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
|
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
|
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
|
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
|
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash |
|
|
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
|
|
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
|
|
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
|
|
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
|
|
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash |
|
|
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash |
|
|
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
|
|
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
|
|
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
|
|
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
|
|
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
|
|
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
|
|
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
|
|
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
|
|
#select
|
|
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | $@ flows to here and is interpreted as code. | NoSQLCodeInjection.js:18:24:18:31 | req.body | User-provided value |
|
|
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | $@ flows to here and is interpreted as code. | NoSQLCodeInjection.js:19:36:19:43 | req.body | User-provided value |
|
|
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | $@ flows to here and is interpreted as code. | NoSQLCodeInjection.js:22:36:22:43 | req.body | User-provided value |
|
|
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:10:22:10:36 | location.search | User-provided value |
|
|
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:13:23:13:37 | location.search | User-provided value |
|
|
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:16:28:16:42 | location.search | User-provided value |
|
|
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:19:22:19:36 | location.search | User-provided value |
|
|
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:22:27:22:41 | location.search | User-provided value |
|
|
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:25:23:25:37 | location.search | User-provided value |
|
|
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:28:33:28:47 | location.search | User-provided value |
|
|
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:31:28:31:42 | location.search | User-provided value |
|
|
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:34:18:34:32 | location.search | User-provided value |
|
|
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:40:18:40:32 | location.search | User-provided value |
|
|
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:44:17:44:31 | location.search | User-provided value |
|
|
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:47:16:47:30 | location.search | User-provided value |
|
|
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:50:22:50:36 | location.search | User-provided value |
|
|
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:53:32:53:46 | location.search | User-provided value |
|
|
| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` | bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` | $@ flows to here and is interpreted as code. | bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | User-provided value |
|
|
| bad-code-sanitization.js:58:14:58:53 | `(funct ... nt)}))` | bad-code-sanitization.js:56:16:56:23 | req.body | bad-code-sanitization.js:58:14:58:53 | `(funct ... nt)}))` | $@ flows to here and is interpreted as code. | bad-code-sanitization.js:56:16:56:23 | req.body | User-provided value |
|
|
| express.js:7:24:7:69 | "return ... + "];" | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:7:44:7:62 | req.param("wobble") | User-provided value |
|
|
| express.js:9:34:9:79 | "return ... + "];" | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:9:54:9:72 | req.param("wobble") | User-provided value |
|
|
| express.js:12:8:12:53 | "return ... + "];" | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:12:28:12:46 | req.param("wobble") | User-provided value |
|
|
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | $@ flows to here and is interpreted as code. | express.js:15:22:15:54 | req.par ... ction") | User-provided value |
|
|
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | $@ flows to here and is interpreted as code. | express.js:17:30:17:53 | req.par ... cript") | User-provided value |
|
|
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | $@ flows to here and is interpreted as code. | express.js:19:37:19:70 | req.par ... odule") | User-provided value |
|
|
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | $@ flows to here and is interpreted as code. | express.js:21:19:21:48 | req.par ... ntext") | User-provided value |
|
|
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | $@ flows to here and is interpreted as code. | module.js:9:16:9:29 | req.query.code | User-provided value |
|
|
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | $@ flows to here and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
|
|
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | $@ flows to here and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
|
|
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | $@ flows to here and is interpreted as code. | react.js:10:56:10:77 | documen ... on.hash | User-provided value |
|
|
| template-sinks.js:14:17:14:23 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:14:17:14:23 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:15:16:15:22 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:15:16:15:22 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:16:18:16:24 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:16:18:16:24 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:17:17:17:23 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:17:17:17:23 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:18:18:18:24 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:18:18:18:24 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:19:16:19:22 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:19:16:19:22 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:20:27:20:33 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:20:27:20:33 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| template-sinks.js:21:21:21:27 | tainted | template-sinks.js:12:19:12:31 | req.query.foo | template-sinks.js:21:21:21:27 | tainted | $@ flows to here and is interpreted as a template, which may contain code. | template-sinks.js:12:19:12:31 | req.query.foo | User-provided value |
|
|
| tst.js:2:6:2:83 | documen ... t=")+8) | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | $@ flows to here and is interpreted as code. | tst.js:2:6:2:27 | documen ... on.href | User-provided value |
|
|
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | $@ flows to here and is interpreted as code. | tst.js:5:12:5:33 | documen ... on.hash | User-provided value |
|
|
| tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | $@ flows to here and is interpreted as code. | tst.js:14:10:14:33 | documen ... .search | User-provided value |
|
|
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | $@ flows to here and is interpreted as code. | tst.js:17:21:17:42 | documen ... on.hash | User-provided value |
|
|
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | $@ flows to here and is interpreted as code. | tst.js:20:30:20:51 | documen ... on.hash | User-provided value |
|
|
| tst.js:23:6:23:46 | atob(do ... ing(1)) | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:6:23:46 | atob(do ... ing(1)) | $@ flows to here and is interpreted as code. | tst.js:23:11:23:32 | documen ... on.hash | User-provided value |
|
|
| tst.js:26:26:26:53 | locatio ... ring(1) | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | $@ flows to here and is interpreted as code. | tst.js:26:26:26:40 | location.search | User-provided value |
|