hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
Erik Krogh Kristensen 84e9229386 Merge branch 'main' into koa
2021-03-19 16:56:15 +01:00

176 lines
13 KiB
Plaintext
Raw Permalink Blame History

nodes
| tst.js:14:9:14:52 | tainted |
| tst.js:14:19:14:42 | url.par ... , true) |
| tst.js:14:19:14:48 | url.par ... ).query |
| tst.js:14:19:14:52 | url.par ... ery.url |
| tst.js:14:29:14:35 | req.url |
| tst.js:14:29:14:35 | req.url |
| tst.js:18:13:18:19 | tainted |
| tst.js:18:13:18:19 | tainted |
| tst.js:20:17:20:23 | tainted |
| tst.js:20:17:20:23 | tainted |
| tst.js:23:19:23:25 | tainted |
| tst.js:23:19:23:25 | tainted |
| tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:26:25:26:31 | tainted |
| tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:28:36:28:42 | tainted |
| tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:30:37:30:43 | tainted |
| tst.js:34:34:34:40 | tainted |
| tst.js:34:34:34:40 | tainted |
| tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:36:24:36:30 | tainted |
| tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:37:30:37:36 | tainted |
| tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:41:43:41:49 | tainted |
| tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:43:46:43:52 | tainted |
| tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:45:50:45:56 | tainted |
| tst.js:58:9:58:52 | tainted |
| tst.js:58:19:58:42 | url.par ... , true) |
| tst.js:58:19:58:48 | url.par ... ).query |
| tst.js:58:19:58:52 | url.par ... ery.url |
| tst.js:58:29:58:35 | req.url |
| tst.js:58:29:58:35 | req.url |
| tst.js:61:29:61:35 | tainted |
| tst.js:61:29:61:35 | tainted |
| tst.js:64:30:64:36 | tainted |
| tst.js:64:30:64:36 | tainted |
| tst.js:68:30:68:36 | tainted |
| tst.js:68:30:68:36 | tainted |
| tst.js:74:9:74:52 | tainted |
| tst.js:74:19:74:42 | url.par ... , true) |
| tst.js:74:19:74:48 | url.par ... ).query |
| tst.js:74:19:74:52 | url.par ... ery.url |
| tst.js:74:29:74:35 | req.url |
| tst.js:74:29:74:35 | req.url |
| tst.js:76:19:76:25 | tainted |
| tst.js:76:19:76:25 | tainted |
| tst.js:83:38:83:43 | param1 |
| tst.js:83:38:83:43 | param1 |
| tst.js:84:19:84:24 | param1 |
| tst.js:84:19:84:24 | param1 |
| tst.js:90:19:90:28 | ctx.params |
| tst.js:90:19:90:28 | ctx.params |
| tst.js:90:19:90:32 | ctx.params.foo |
| tst.js:90:19:90:32 | ctx.params.foo |
| tst.js:92:19:92:28 | ctx.params |
| tst.js:92:19:92:28 | ctx.params |
| tst.js:92:19:92:32 | ctx.params.foo |
| tst.js:92:19:92:32 | ctx.params.foo |
| tst.js:98:9:98:52 | tainted |
| tst.js:98:19:98:42 | url.par ... , true) |
| tst.js:98:19:98:48 | url.par ... ).query |
| tst.js:98:19:98:52 | url.par ... ery.url |
| tst.js:98:29:98:35 | req.url |
| tst.js:98:29:98:35 | req.url |
| tst.js:100:19:100:25 | tainted |
| tst.js:100:19:100:25 | tainted |
edges
| tst.js:14:9:14:52 | tainted | tst.js:18:13:18:19 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:18:13:18:19 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:20:17:20:23 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:20:17:20:23 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:23:19:23:25 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:23:19:23:25 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:26:25:26:31 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:28:36:28:42 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:30:37:30:43 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:34:34:34:40 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:34:34:34:40 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:36:24:36:30 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:37:30:37:36 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:41:43:41:49 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:43:46:43:52 | tainted |
| tst.js:14:9:14:52 | tainted | tst.js:45:50:45:56 | tainted |
| tst.js:14:19:14:42 | url.par ... , true) | tst.js:14:19:14:48 | url.par ... ).query |
| tst.js:14:19:14:48 | url.par ... ).query | tst.js:14:19:14:52 | url.par ... ery.url |
| tst.js:14:19:14:52 | url.par ... ery.url | tst.js:14:9:14:52 | tainted |
| tst.js:14:29:14:35 | req.url | tst.js:14:19:14:42 | url.par ... , true) |
| tst.js:14:29:14:35 | req.url | tst.js:14:19:14:42 | url.par ... , true) |
| tst.js:26:25:26:31 | tainted | tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:26:25:26:31 | tainted | tst.js:26:13:26:31 | "http://" + tainted |
| tst.js:28:36:28:42 | tainted | tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:28:36:28:42 | tainted | tst.js:28:13:28:42 | "http:/ ... tainted |
| tst.js:30:37:30:43 | tainted | tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:30:37:30:43 | tainted | tst.js:30:13:30:43 | "http:/ ... tainted |
| tst.js:36:24:36:30 | tainted | tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:36:24:36:30 | tainted | tst.js:36:16:36:31 | new Uri(tainted) |
| tst.js:37:30:37:36 | tainted | tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:37:30:37:36 | tainted | tst.js:37:22:37:37 | new Uri(tainted) |
| tst.js:41:43:41:49 | tainted | tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:41:43:41:49 | tainted | tst.js:41:13:41:51 | `http:/ ... inted}` |
| tst.js:43:46:43:52 | tainted | tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:43:46:43:52 | tainted | tst.js:43:13:43:54 | `http:/ ... inted}` |
| tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
| tst.js:58:9:58:52 | tainted | tst.js:61:29:61:35 | tainted |
| tst.js:58:9:58:52 | tainted | tst.js:61:29:61:35 | tainted |
| tst.js:58:9:58:52 | tainted | tst.js:64:30:64:36 | tainted |
| tst.js:58:9:58:52 | tainted | tst.js:64:30:64:36 | tainted |
| tst.js:58:9:58:52 | tainted | tst.js:68:30:68:36 | tainted |
| tst.js:58:9:58:52 | tainted | tst.js:68:30:68:36 | tainted |
| tst.js:58:19:58:42 | url.par ... , true) | tst.js:58:19:58:48 | url.par ... ).query |
| tst.js:58:19:58:48 | url.par ... ).query | tst.js:58:19:58:52 | url.par ... ery.url |
| tst.js:58:19:58:52 | url.par ... ery.url | tst.js:58:9:58:52 | tainted |
| tst.js:58:29:58:35 | req.url | tst.js:58:19:58:42 | url.par ... , true) |
| tst.js:58:29:58:35 | req.url | tst.js:58:19:58:42 | url.par ... , true) |
| tst.js:74:9:74:52 | tainted | tst.js:76:19:76:25 | tainted |
| tst.js:74:9:74:52 | tainted | tst.js:76:19:76:25 | tainted |
| tst.js:74:19:74:42 | url.par ... , true) | tst.js:74:19:74:48 | url.par ... ).query |
| tst.js:74:19:74:48 | url.par ... ).query | tst.js:74:19:74:52 | url.par ... ery.url |
| tst.js:74:19:74:52 | url.par ... ery.url | tst.js:74:9:74:52 | tainted |
| tst.js:74:29:74:35 | req.url | tst.js:74:19:74:42 | url.par ... , true) |
| tst.js:74:29:74:35 | req.url | tst.js:74:19:74:42 | url.par ... , true) |
| tst.js:83:38:83:43 | param1 | tst.js:84:19:84:24 | param1 |
| tst.js:83:38:83:43 | param1 | tst.js:84:19:84:24 | param1 |
| tst.js:83:38:83:43 | param1 | tst.js:84:19:84:24 | param1 |
| tst.js:83:38:83:43 | param1 | tst.js:84:19:84:24 | param1 |
| tst.js:90:19:90:28 | ctx.params | tst.js:90:19:90:32 | ctx.params.foo |
| tst.js:90:19:90:28 | ctx.params | tst.js:90:19:90:32 | ctx.params.foo |
| tst.js:90:19:90:28 | ctx.params | tst.js:90:19:90:32 | ctx.params.foo |
| tst.js:90:19:90:28 | ctx.params | tst.js:90:19:90:32 | ctx.params.foo |
| tst.js:92:19:92:28 | ctx.params | tst.js:92:19:92:32 | ctx.params.foo |
| tst.js:92:19:92:28 | ctx.params | tst.js:92:19:92:32 | ctx.params.foo |
| tst.js:92:19:92:28 | ctx.params | tst.js:92:19:92:32 | ctx.params.foo |
| tst.js:92:19:92:28 | ctx.params | tst.js:92:19:92:32 | ctx.params.foo |
| tst.js:98:9:98:52 | tainted | tst.js:100:19:100:25 | tainted |
| tst.js:98:9:98:52 | tainted | tst.js:100:19:100:25 | tainted |
| tst.js:98:19:98:42 | url.par ... , true) | tst.js:98:19:98:48 | url.par ... ).query |
| tst.js:98:19:98:48 | url.par ... ).query | tst.js:98:19:98:52 | url.par ... ery.url |
| tst.js:98:19:98:52 | url.par ... ery.url | tst.js:98:9:98:52 | tainted |
| tst.js:98:29:98:35 | req.url | tst.js:98:19:98:42 | url.par ... , true) |
| tst.js:98:29:98:35 | req.url | tst.js:98:19:98:42 | url.par ... , true) |
#select
| tst.js:18:5:18:20 | request(tainted) | tst.js:14:29:14:35 | req.url | tst.js:18:13:18:19 | tainted | The $@ of this request depends on $@. | tst.js:18:13:18:19 | tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:20:5:20:24 | request.get(tainted) | tst.js:14:29:14:35 | req.url | tst.js:20:17:20:23 | tainted | The $@ of this request depends on $@. | tst.js:20:17:20:23 | tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:24:5:24:20 | request(options) | tst.js:14:29:14:35 | req.url | tst.js:23:19:23:25 | tainted | The $@ of this request depends on $@. | tst.js:23:19:23:25 | tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:26:5:26:32 | request ... ainted) | tst.js:14:29:14:35 | req.url | tst.js:26:13:26:31 | "http://" + tainted | The $@ of this request depends on $@. | tst.js:26:13:26:31 | "http://" + tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:28:5:28:43 | request ... ainted) | tst.js:14:29:14:35 | req.url | tst.js:28:13:28:42 | "http:/ ... tainted | The $@ of this request depends on $@. | tst.js:28:13:28:42 | "http:/ ... tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:30:5:30:44 | request ... ainted) | tst.js:14:29:14:35 | req.url | tst.js:30:13:30:43 | "http:/ ... tainted | The $@ of this request depends on $@. | tst.js:30:13:30:43 | "http:/ ... tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:34:5:34:42 | http.ge ... inted}) | tst.js:14:29:14:35 | req.url | tst.js:34:34:34:40 | tainted | The $@ of this request depends on $@. | tst.js:34:34:34:40 | tainted | host | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:36:5:36:32 | XhrIo.s ... inted)) | tst.js:14:29:14:35 | req.url | tst.js:36:16:36:31 | new Uri(tainted) | The $@ of this request depends on $@. | tst.js:36:16:36:31 | new Uri(tainted) | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:37:5:37:38 | new Xhr ... inted)) | tst.js:14:29:14:35 | req.url | tst.js:37:22:37:37 | new Uri(tainted) | The $@ of this request depends on $@. | tst.js:37:22:37:37 | new Uri(tainted) | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:41:5:41:52 | request ... nted}`) | tst.js:14:29:14:35 | req.url | tst.js:41:13:41:51 | `http:/ ... inted}` | The $@ of this request depends on $@. | tst.js:41:13:41:51 | `http:/ ... inted}` | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:43:5:43:55 | request ... nted}`) | tst.js:14:29:14:35 | req.url | tst.js:43:13:43:54 | `http:/ ... inted}` | The $@ of this request depends on $@. | tst.js:43:13:43:54 | `http:/ ... inted}` | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:45:5:45:57 | request ... ainted) | tst.js:14:29:14:35 | req.url | tst.js:45:13:45:56 | 'http:/ ... tainted | The $@ of this request depends on $@. | tst.js:45:13:45:56 | 'http:/ ... tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
| tst.js:61:2:61:37 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:61:29:61:35 | tainted | The $@ of this request depends on $@. | tst.js:61:29:61:35 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
| tst.js:64:3:64:38 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:64:30:64:36 | tainted | The $@ of this request depends on $@. | tst.js:64:30:64:36 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
| tst.js:68:3:68:38 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:68:30:68:36 | tainted | The $@ of this request depends on $@. | tst.js:68:30:68:36 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
| tst.js:76:5:76:26 | JSDOM.f ... ainted) | tst.js:74:29:74:35 | req.url | tst.js:76:19:76:25 | tainted | The $@ of this request depends on $@. | tst.js:76:19:76:25 | tainted | URL | tst.js:74:29:74:35 | req.url | a user-provided value |
| tst.js:84:5:84:25 | JSDOM.f ... param1) | tst.js:83:38:83:43 | param1 | tst.js:84:19:84:24 | param1 | The $@ of this request depends on $@. | tst.js:84:19:84:24 | param1 | URL | tst.js:83:38:83:43 | param1 | a user-provided value |
| tst.js:90:5:90:33 | JSDOM.f ... ms.foo) | tst.js:90:19:90:28 | ctx.params | tst.js:90:19:90:32 | ctx.params.foo | The $@ of this request depends on $@. | tst.js:90:19:90:32 | ctx.params.foo | URL | tst.js:90:19:90:28 | ctx.params | a user-provided value |
| tst.js:92:5:92:33 | JSDOM.f ... ms.foo) | tst.js:92:19:92:28 | ctx.params | tst.js:92:19:92:32 | ctx.params.foo | The $@ of this request depends on $@. | tst.js:92:19:92:32 | ctx.params.foo | URL | tst.js:92:19:92:28 | ctx.params | a user-provided value |
| tst.js:100:5:100:26 | new Web ... ainted) | tst.js:98:29:98:35 | req.url | tst.js:100:19:100:25 | tainted | The $@ of this request depends on $@. | tst.js:100:19:100:25 | tainted | URL | tst.js:98:29:98:35 | req.url | a user-provided value |
Reference in New Issue View Git Blame Copy Permalink