mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
58 lines
4.1 KiB
Plaintext
58 lines
4.1 KiB
Plaintext
nodes
|
|
| XpathInjectionBad.js:6:7:6:38 | userName |
|
|
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
|
|
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
|
|
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
|
|
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
|
|
| XpathInjectionBad.js:9:66:9:73 | userName |
|
|
| tst2.js:1:13:1:29 | document.location |
|
|
| tst2.js:1:13:1:29 | document.location |
|
|
| tst2.js:1:13:1:34 | documen ... on.hash |
|
|
| tst2.js:1:13:1:47 | documen ... ring(1) |
|
|
| tst2.js:2:27:2:31 | query |
|
|
| tst2.js:2:27:2:31 | query |
|
|
| tst2.js:3:19:3:23 | query |
|
|
| tst2.js:3:19:3:23 | query |
|
|
| tst.js:6:7:6:37 | tainted |
|
|
| tst.js:6:17:6:37 | req.par ... rName") |
|
|
| tst.js:6:17:6:37 | req.par ... rName") |
|
|
| tst.js:7:15:7:21 | tainted |
|
|
| tst.js:7:15:7:21 | tainted |
|
|
| tst.js:8:16:8:22 | tainted |
|
|
| tst.js:8:16:8:22 | tainted |
|
|
| tst.js:9:17:9:23 | tainted |
|
|
| tst.js:9:17:9:23 | tainted |
|
|
| tst.js:11:8:11:14 | tainted |
|
|
| tst.js:11:8:11:14 | tainted |
|
|
edges
|
|
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName |
|
|
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
|
|
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
|
|
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
|
|
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
|
|
| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
|
|
| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
|
|
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
|
|
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
|
|
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
|
|
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
|
|
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
|
|
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
|
|
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
|
|
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
|
|
#select
|
|
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | $@ flows here and is used in an XPath expression. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | User-provided value |
|
|
| tst2.js:2:27:2:31 | query | tst2.js:1:13:1:29 | document.location | tst2.js:2:27:2:31 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:29 | document.location | User-provided value |
|
|
| tst2.js:3:19:3:23 | query | tst2.js:1:13:1:29 | document.location | tst2.js:3:19:3:23 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:29 | document.location | User-provided value |
|
|
| tst.js:7:15:7:21 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:7:15:7:21 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
|
|
| tst.js:8:16:8:22 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:8:16:8:22 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
|
|
| tst.js:9:17:9:23 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:9:17:9:23 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
|
|
| tst.js:11:8:11:14 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:11:8:11:14 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
|