hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6947e99c1545f77b81dd99e539d601b0c72074b7
codeql/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
jorgectf 6947e99c15 Add models for webix 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
2023-06-22 01:07:33 +02:00

383 lines
34 KiB
Plaintext
Raw Blame History

nodes
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:26:9:26:35 | taint |
| express.js:26:17:26:35 | req.param("wobble") |
| express.js:26:17:26:35 | req.param("wobble") |
| express.js:27:34:27:38 | taint |
| express.js:27:34:27:38 | taint |
| express.js:34:9:34:35 | taint |
| express.js:34:17:34:35 | req.param("wobble") |
| express.js:34:17:34:35 | req.param("wobble") |
| express.js:43:15:43:19 | taint |
| express.js:43:15:43:19 | taint |
| express.js:49:30:49:32 | msg |
| express.js:49:30:49:32 | msg |
| express.js:50:10:50:12 | msg |
| express.js:50:10:50:12 | msg |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react.js:10:56:10:77 | documen ... on.hash |
| react.js:10:56:10:77 | documen ... on.hash |
| react.js:10:56:10:77 | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo |
| template-sinks.js:18:19:18:31 | req.query.foo |
| template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:34:26:34:32 | tainted |
| template-sinks.js:34:26:34:32 | tainted |
| template-sinks.js:35:47:35:53 | tainted |
| template-sinks.js:35:47:35:53 | tainted |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:29:9:29:82 | source |
| tst.js:29:18:29:41 | documen ... .search |
| tst.js:29:18:29:41 | documen ... .search |
| tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:31:18:31:23 | source |
| tst.js:31:18:31:23 | source |
| tst.js:33:14:33:19 | source |
| tst.js:33:14:33:19 | source |
| tst.js:35:28:35:33 | source |
| tst.js:35:28:35:33 | source |
| tst.js:37:33:37:38 | source |
| tst.js:37:33:37:38 | source |
| webix.js:3:12:3:33 | documen ... on.hash |
| webix.js:3:12:3:33 | documen ... on.hash |
| webix.js:3:12:3:33 | documen ... on.hash |
edges
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:34:26:34:32 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:34:26:34:32 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:35:47:35:53 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:35:47:35:53 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source |
| webix.js:3:12:3:33 | documen ... on.hash | webix.js:3:12:3:33 | documen ... on.hash |
#select
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value |
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | This code execution depends on a $@. | actions.js:4:10:4:50 | github. ... message | user-provided value |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | This code execution depends on a $@. | angularjs.js:19:22:19:36 | location.search | user-provided value |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | This code execution depends on a $@. | angularjs.js:22:27:22:41 | location.search | user-provided value |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | This code execution depends on a $@. | angularjs.js:25:23:25:37 | location.search | user-provided value |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | This code execution depends on a $@. | angularjs.js:28:33:28:47 | location.search | user-provided value |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | This code execution depends on a $@. | angularjs.js:31:28:31:42 | location.search | user-provided value |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | This code execution depends on a $@. | angularjs.js:34:18:34:32 | location.search | user-provided value |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | This code execution depends on a $@. | angularjs.js:40:18:40:32 | location.search | user-provided value |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | This code execution depends on a $@. | angularjs.js:44:17:44:31 | location.search | user-provided value |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | This code execution depends on a $@. | angularjs.js:47:16:47:30 | location.search | user-provided value |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | This code execution depends on a $@. | angularjs.js:50:22:50:36 | location.search | user-provided value |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | This code execution depends on a $@. | angularjs.js:53:32:53:46 | location.search | user-provided value |
| express.js:7:24:7:69 | "return ... + "];" | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | This code execution depends on a $@. | express.js:7:44:7:62 | req.param("wobble") | user-provided value |
| express.js:9:34:9:79 | "return ... + "];" | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | This code execution depends on a $@. | express.js:9:54:9:72 | req.param("wobble") | user-provided value |
| express.js:12:8:12:53 | "return ... + "];" | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | This code execution depends on a $@. | express.js:12:28:12:46 | req.param("wobble") | user-provided value |
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | This code execution depends on a $@. | express.js:15:22:15:54 | req.par ... ction") | user-provided value |
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | This code execution depends on a $@. | express.js:17:30:17:53 | req.par ... cript") | user-provided value |
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | This code execution depends on a $@. | express.js:19:37:19:70 | req.par ... odule") | user-provided value |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | This code execution depends on a $@. | express.js:21:19:21:48 | req.par ... ntext") | user-provided value |
| express.js:27:34:27:38 | taint | express.js:26:17:26:35 | req.param("wobble") | express.js:27:34:27:38 | taint | This code execution depends on a $@. | express.js:26:17:26:35 | req.param("wobble") | user-provided value |
| express.js:43:15:43:19 | taint | express.js:34:17:34:35 | req.param("wobble") | express.js:43:15:43:19 | taint | This code execution depends on a $@. | express.js:34:17:34:35 | req.param("wobble") | user-provided value |
| express.js:50:10:50:12 | msg | express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | This code execution depends on a $@. | express.js:49:30:49:32 | msg | user-provided value |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | This code execution depends on a $@. | module.js:9:16:9:29 | req.query.code | user-provided value |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | This code execution depends on a $@. | module.js:11:17:11:30 | req.query.code | user-provided value |
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | This code execution depends on a $@. | react.js:10:56:10:77 | documen ... on.hash | user-provided value |
| template-sinks.js:20:17:20:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:20:17:20:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:21:16:21:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:21:16:21:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:22:18:22:24 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:22:18:22:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:23:17:23:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:23:17:23:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:24:18:24:24 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:24:18:24:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:25:16:25:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:25:16:25:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:26:27:26:33 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:26:27:26:33 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:27:21:27:27 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:27:21:27:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:28:17:28:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:28:17:28:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:29:24:29:30 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:29:24:29:30 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:30:21:30:27 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:30:21:30:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:31:19:31:25 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:31:19:31:25 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:32:16:32:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:32:16:32:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:33:17:33:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:33:17:33:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:34:26:34:32 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:34:26:34:32 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:35:47:35:53 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:35:47:35:53 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| tst.js:2:6:2:83 | documen ... t=")+8) | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | This code execution depends on a $@. | tst.js:2:6:2:27 | documen ... on.href | user-provided value |
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | This code execution depends on a $@. | tst.js:5:12:5:33 | documen ... on.hash | user-provided value |
| tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | This code execution depends on a $@. | tst.js:14:10:14:33 | documen ... .search | user-provided value |
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | This code execution depends on a $@. | tst.js:17:21:17:42 | documen ... on.hash | user-provided value |
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | This code execution depends on a $@. | tst.js:20:30:20:51 | documen ... on.hash | user-provided value |
| tst.js:23:6:23:46 | atob(do ... ing(1)) | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:6:23:46 | atob(do ... ing(1)) | This code execution depends on a $@. | tst.js:23:11:23:32 | documen ... on.hash | user-provided value |
| tst.js:26:26:26:53 | locatio ... ring(1) | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | This code execution depends on a $@. | tst.js:26:26:26:40 | location.search | user-provided value |
| tst.js:31:18:31:23 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:31:18:31:23 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| tst.js:33:14:33:19 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:33:14:33:19 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| tst.js:35:28:35:33 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:35:28:35:33 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| tst.js:37:33:37:38 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:37:33:37:38 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
| webix.js:3:12:3:33 | documen ... on.hash | webix.js:3:12:3:33 | documen ... on.hash | webix.js:3:12:3:33 | documen ... on.hash | This code execution depends on a $@. | webix.js:3:12:3:33 | documen ... on.hash | user-provided value |
Reference in New Issue View Git Blame Copy Permalink