codeql/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected

#select
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value |
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | This code execution depends on a $@. | actions.js:4:10:4:50 | github. ... message | user-provided value |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | This code execution depends on a $@. | angularjs.js:19:22:19:36 | location.search | user-provided value |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | This code execution depends on a $@. | angularjs.js:22:27:22:41 | location.search | user-provided value |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | This code execution depends on a $@. | angularjs.js:25:23:25:37 | location.search | user-provided value |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | This code execution depends on a $@. | angularjs.js:28:33:28:47 | location.search | user-provided value |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | This code execution depends on a $@. | angularjs.js:31:28:31:42 | location.search | user-provided value |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | This code execution depends on a $@. | angularjs.js:34:18:34:32 | location.search | user-provided value |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | This code execution depends on a $@. | angularjs.js:40:18:40:32 | location.search | user-provided value |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | This code execution depends on a $@. | angularjs.js:44:17:44:31 | location.search | user-provided value |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | This code execution depends on a $@. | angularjs.js:47:16:47:30 | location.search | user-provided value |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | This code execution depends on a $@. | angularjs.js:50:22:50:36 | location.search | user-provided value |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | This code execution depends on a $@. | angularjs.js:53:32:53:46 | location.search | user-provided value |
| express.js:6:24:6:69 | "return ...  + "];" | express.js:6:44:6:62 | req.param("wobble") | express.js:6:24:6:69 | "return ...  + "];" | This code execution depends on a $@. | express.js:6:44:6:62 | req.param("wobble") | user-provided value |
| express.js:7:34:7:79 | "return ...  + "];" | express.js:7:54:7:72 | req.param("wobble") | express.js:7:34:7:79 | "return ...  + "];" | This code execution depends on a $@. | express.js:7:54:7:72 | req.param("wobble") | user-provided value |
| express.js:9:8:9:53 | "return ...  + "];" | express.js:9:28:9:46 | req.param("wobble") | express.js:9:8:9:53 | "return ...  + "];" | This code execution depends on a $@. | express.js:9:28:9:46 | req.param("wobble") | user-provided value |
| express.js:11:22:11:54 | req.par ... ction") | express.js:11:22:11:54 | req.par ... ction") | express.js:11:22:11:54 | req.par ... ction") | This code execution depends on a $@. | express.js:11:22:11:54 | req.par ... ction") | user-provided value |
| express.js:12:30:12:53 | req.par ... cript") | express.js:12:30:12:53 | req.par ... cript") | express.js:12:30:12:53 | req.par ... cript") | This code execution depends on a $@. | express.js:12:30:12:53 | req.par ... cript") | user-provided value |
| express.js:13:37:13:70 | req.par ... odule") | express.js:13:37:13:70 | req.par ... odule") | express.js:13:37:13:70 | req.par ... odule") | This code execution depends on a $@. | express.js:13:37:13:70 | req.par ... odule") | user-provided value |
| express.js:14:19:14:48 | req.par ... ntext") | express.js:14:19:14:48 | req.par ... ntext") | express.js:14:19:14:48 | req.par ... ntext") | This code execution depends on a $@. | express.js:14:19:14:48 | req.par ... ntext") | user-provided value |
| express.js:20:34:20:38 | taint | express.js:19:17:19:35 | req.param("wobble") | express.js:20:34:20:38 | taint | This code execution depends on a $@. | express.js:19:17:19:35 | req.param("wobble") | user-provided value |
| express.js:36:15:36:19 | taint | express.js:27:17:27:35 | req.param("wobble") | express.js:36:15:36:19 | taint | This code execution depends on a $@. | express.js:27:17:27:35 | req.param("wobble") | user-provided value |
| express.js:43:10:43:12 | msg | express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | This code execution depends on a $@. | express.js:42:30:42:32 | msg | user-provided value |
| fastify.js:5:44:5:52 | userInput | fastify.js:4:21:4:33 | request.query | fastify.js:5:44:5:52 | userInput | This code execution depends on a $@. | fastify.js:4:21:4:33 | request.query | user-provided value |
| fastify.js:5:44:5:52 | userInput | fastify.js:4:21:4:43 | request ... Request | fastify.js:5:44:5:52 | userInput | This code execution depends on a $@. | fastify.js:4:21:4:43 | request ... Request | user-provided value |
| fastify.js:10:44:10:52 | userInput | fastify.js:9:21:9:33 | request.query | fastify.js:10:44:10:52 | userInput | This code execution depends on a $@. | fastify.js:9:21:9:33 | request.query | user-provided value |
| fastify.js:10:44:10:52 | userInput | fastify.js:9:21:9:40 | request.query.onSend | fastify.js:10:44:10:52 | userInput | This code execution depends on a $@. | fastify.js:9:21:9:40 | request.query.onSend | user-provided value |
| fastify.js:16:44:16:52 | userInput | fastify.js:15:21:15:33 | request.query | fastify.js:16:44:16:52 | userInput | This code execution depends on a $@. | fastify.js:15:21:15:33 | request.query | user-provided value |
| fastify.js:16:44:16:52 | userInput | fastify.js:15:21:15:44 | request ... Parsing | fastify.js:16:44:16:52 | userInput | This code execution depends on a $@. | fastify.js:15:21:15:44 | request ... Parsing | user-provided value |
| fastify.js:22:44:22:52 | userInput | fastify.js:21:21:21:33 | request.query | fastify.js:22:44:22:52 | userInput | This code execution depends on a $@. | fastify.js:21:21:21:33 | request.query | user-provided value |
| fastify.js:22:44:22:52 | userInput | fastify.js:21:21:21:47 | request ... idation | fastify.js:22:44:22:52 | userInput | This code execution depends on a $@. | fastify.js:21:21:21:47 | request ... idation | user-provided value |
| fastify.js:27:44:27:52 | userInput | fastify.js:26:21:26:33 | request.query | fastify.js:27:44:27:52 | userInput | This code execution depends on a $@. | fastify.js:26:21:26:33 | request.query | user-provided value |
| fastify.js:27:44:27:52 | userInput | fastify.js:26:21:26:44 | request ... Handler | fastify.js:27:44:27:52 | userInput | This code execution depends on a $@. | fastify.js:26:21:26:44 | request ... Handler | user-provided value |
| fastify.js:32:44:32:52 | userInput | fastify.js:31:21:31:33 | request.query | fastify.js:32:44:32:52 | userInput | This code execution depends on a $@. | fastify.js:31:21:31:33 | request.query | user-provided value |
| fastify.js:32:44:32:52 | userInput | fastify.js:31:21:31:50 | request ... ization | fastify.js:32:44:32:52 | userInput | This code execution depends on a $@. | fastify.js:31:21:31:50 | request ... ization | user-provided value |
| fastify.js:38:44:38:52 | userInput | fastify.js:37:21:37:33 | request.query | fastify.js:38:44:38:52 | userInput | This code execution depends on a $@. | fastify.js:37:21:37:33 | request.query | user-provided value |
| fastify.js:38:44:38:52 | userInput | fastify.js:37:21:37:44 | request ... esponse | fastify.js:38:44:38:52 | userInput | This code execution depends on a $@. | fastify.js:37:21:37:44 | request ... esponse | user-provided value |
| fastify.js:43:44:43:52 | userInput | fastify.js:42:21:42:33 | request.query | fastify.js:43:44:43:52 | userInput | This code execution depends on a $@. | fastify.js:42:21:42:33 | request.query | user-provided value |
| fastify.js:43:44:43:52 | userInput | fastify.js:42:21:42:41 | request ... onError | fastify.js:43:44:43:52 | userInput | This code execution depends on a $@. | fastify.js:42:21:42:41 | request ... onError | user-provided value |
| fastify.js:48:44:48:52 | userInput | fastify.js:47:21:47:33 | request.query | fastify.js:48:44:48:52 | userInput | This code execution depends on a $@. | fastify.js:47:21:47:33 | request.query | user-provided value |
| fastify.js:48:44:48:52 | userInput | fastify.js:47:21:47:43 | request ... Timeout | fastify.js:48:44:48:52 | userInput | This code execution depends on a $@. | fastify.js:47:21:47:43 | request ... Timeout | user-provided value |
| fastify.js:53:46:53:54 | userInput | fastify.js:52:23:52:35 | request.query | fastify.js:53:46:53:54 | userInput | This code execution depends on a $@. | fastify.js:52:23:52:35 | request.query | user-provided value |
| fastify.js:53:46:53:54 | userInput | fastify.js:52:23:52:50 | request ... stAbort | fastify.js:53:46:53:54 | userInput | This code execution depends on a $@. | fastify.js:52:23:52:50 | request ... stAbort | user-provided value |
| fastify.js:58:44:58:52 | userInput | fastify.js:57:21:57:33 | request.query | fastify.js:58:44:58:52 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:33 | request.query | user-provided value |
| fastify.js:58:44:58:52 | userInput | fastify.js:57:21:57:39 | request.query.input | fastify.js:58:44:58:52 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:39 | request.query.input | user-provided value |
| fastify.js:59:23:59:31 | userInput | fastify.js:57:21:57:33 | request.query | fastify.js:59:23:59:31 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:33 | request.query | user-provided value |
| fastify.js:59:23:59:31 | userInput | fastify.js:57:21:57:39 | request.query.input | fastify.js:59:23:59:31 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:39 | request.query.input | user-provided value |
| fastify.js:71:34:71:51 | request.storedCode | fastify.js:66:24:66:36 | request.query | fastify.js:71:34:71:51 | request.storedCode | This code execution depends on a $@. | fastify.js:66:24:66:36 | request.query | user-provided value |
| fastify.js:71:34:71:51 | request.storedCode | fastify.js:66:24:66:47 | request ... redCode | fastify.js:71:34:71:51 | request.storedCode | This code execution depends on a $@. | fastify.js:66:24:66:47 | request ... redCode | user-provided value |
| fastify.js:84:30:84:43 | reply.userCode | fastify.js:79:20:79:32 | request.query | fastify.js:84:30:84:43 | reply.userCode | This code execution depends on a $@. | fastify.js:79:20:79:32 | request.query | user-provided value |
| fastify.js:84:30:84:43 | reply.userCode | fastify.js:79:20:79:42 | request ... plyCode | fastify.js:84:30:84:43 | reply.userCode | This code execution depends on a $@. | fastify.js:79:20:79:42 | request ... plyCode | user-provided value |
| fastify.js:99:30:99:52 | reply.l ... tedCode | fastify.js:94:29:94:41 | request.query | fastify.js:99:30:99:52 | reply.l ... tedCode | This code execution depends on a $@. | fastify.js:94:29:94:41 | request.query | user-provided value |
| fastify.js:99:30:99:52 | reply.l ... tedCode | fastify.js:94:29:94:51 | request ... plyCode | fastify.js:99:30:99:52 | reply.l ... tedCode | This code execution depends on a $@. | fastify.js:94:29:94:51 | request ... plyCode | user-provided value |
| fastify.js:107:23:107:31 | userInput | fastify.js:106:21:106:33 | request.query | fastify.js:107:23:107:31 | userInput | This code execution depends on a $@. | fastify.js:106:21:106:33 | request.query | user-provided value |
| fastify.js:107:23:107:31 | userInput | fastify.js:106:21:106:38 | request.query.code | fastify.js:107:23:107:31 | userInput | This code execution depends on a $@. | fastify.js:106:21:106:38 | request.query.code | user-provided value |
| fastify.js:108:28:108:50 | reply.l ... tedCode | fastify.js:94:29:94:41 | request.query | fastify.js:108:28:108:50 | reply.l ... tedCode | This code execution depends on a $@. | fastify.js:94:29:94:41 | request.query | user-provided value |
| fastify.js:108:28:108:50 | reply.l ... tedCode | fastify.js:94:29:94:51 | request ... plyCode | fastify.js:108:28:108:50 | reply.l ... tedCode | This code execution depends on a $@. | fastify.js:94:29:94:51 | request ... plyCode | user-provided value |
| graph-ql.js:20:19:20:22 | expr | graph-ql.js:28:32:28:39 | req.body | graph-ql.js:20:19:20:22 | expr | This code execution depends on a $@. | graph-ql.js:28:32:28:39 | req.body | user-provided value |
| graph-ql.js:39:19:39:30 | name + title | graph-ql.js:28:32:28:39 | req.body | graph-ql.js:39:19:39:30 | name + title | This code execution depends on a $@. | graph-ql.js:28:32:28:39 | req.body | user-provided value |
| graph-ql.js:66:23:66:27 | value | graph-ql.js:65:22:65:30 | { value } | graph-ql.js:66:23:66:27 | value | This code execution depends on a $@. | graph-ql.js:65:22:65:30 | { value } | user-provided value |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | This code execution depends on a $@. | module.js:9:16:9:29 | req.query.code | user-provided value |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | This code execution depends on a $@. | module.js:11:17:11:30 | req.query.code | user-provided value |
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
| react.js:11:56:11:77 | documen ... on.hash | react.js:11:56:11:77 | documen ... on.hash | react.js:11:56:11:77 | documen ... on.hash | This code execution depends on a $@. | react.js:11:56:11:77 | documen ... on.hash | user-provided value |
| react.js:25:8:25:11 | data | react-server-function.js:3:35:3:35 | x | react.js:25:8:25:11 | data | This code execution depends on a $@. | react-server-function.js:3:35:3:35 | x | user-provided value |
| template-sinks.js:20:17:20:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:20:17:20:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:21:16:21:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:21:16:21:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:22:18:22:24 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:22:18:22:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:23:17:23:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:23:17:23:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:24:18:24:24 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:24:18:24:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:25:16:25:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:25:16:25:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:26:27:26:33 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:26:27:26:33 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:27:21:27:27 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:27:21:27:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:28:17:28:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:28:17:28:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:29:24:29:30 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:29:24:29:30 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:30:21:30:27 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:30:21:30:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:31:19:31:25 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:31:19:31:25 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:32:16:32:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:32:16:32:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| template-sinks.js:33:17:33:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:33:17:33:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
| tst.js:1:6:1:83 | documen ... t=")+8) | tst.js:1:6:1:27 | documen ... on.href | tst.js:1:6:1:83 | documen ... t=")+8) | This code execution depends on a $@. | tst.js:1:6:1:27 | documen ... on.href | user-provided value |
| tst.js:3:12:3:33 | documen ... on.hash | tst.js:3:12:3:33 | documen ... on.hash | tst.js:3:12:3:33 | documen ... on.hash | This code execution depends on a $@. | tst.js:3:12:3:33 | documen ... on.hash | user-provided value |
| tst.js:11:10:11:74 | documen ... , "$1") | tst.js:11:10:11:33 | documen ... .search | tst.js:11:10:11:74 | documen ... , "$1") | This code execution depends on a $@. | tst.js:11:10:11:33 | documen ... .search | user-provided value |
| tst.js:13:21:13:42 | documen ... on.hash | tst.js:13:21:13:42 | documen ... on.hash | tst.js:13:21:13:42 | documen ... on.hash | This code execution depends on a $@. | tst.js:13:21:13:42 | documen ... on.hash | user-provided value |
| tst.js:15:30:15:51 | documen ... on.hash | tst.js:15:30:15:51 | documen ... on.hash | tst.js:15:30:15:51 | documen ... on.hash | This code execution depends on a $@. | tst.js:15:30:15:51 | documen ... on.hash | user-provided value |
| tst.js:17:6:17:46 | atob(do ... ing(1)) | tst.js:17:11:17:32 | documen ... on.hash | tst.js:17:6:17:46 | atob(do ... ing(1)) | This code execution depends on a $@. | tst.js:17:11:17:32 | documen ... on.hash | user-provided value |
| tst.js:19:26:19:53 | locatio ... ring(1) | tst.js:19:26:19:40 | location.search | tst.js:19:26:19:53 | locatio ... ring(1) | This code execution depends on a $@. | tst.js:19:26:19:40 | location.search | user-provided value |
| tst.js:24:18:24:23 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:24:18:24:23 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
| tst.js:26:14:26:19 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:26:14:26:19 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
| tst.js:28:28:28:33 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:28:28:28:33 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
| tst.js:30:33:30:38 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:30:33:30:38 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | This code execution depends on a $@. | webix/webix.html:3:16:3:37 | documen ... on.hash | user-provided value |
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.html:4:26:4:47 | documen ... on.hash | user-provided value |
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.html:5:47:5:68 | documen ... on.hash | user-provided value |
| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | This code execution depends on a $@. | webix/webix.js:3:12:3:33 | documen ... on.hash | user-provided value |
| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.js:4:22:4:43 | documen ... on.hash | user-provided value |
| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.js:5:43:5:64 | documen ... on.hash | user-provided value |
edges
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance |  |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance |  |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance |  |
| express.js:6:44:6:62 | req.param("wobble") | express.js:6:24:6:69 | "return ...  + "];" | provenance |  |
| express.js:7:54:7:72 | req.param("wobble") | express.js:7:34:7:79 | "return ...  + "];" | provenance |  |
| express.js:9:28:9:46 | req.param("wobble") | express.js:9:8:9:53 | "return ...  + "];" | provenance |  |
| express.js:19:9:19:13 | taint | express.js:20:34:20:38 | taint | provenance |  |
| express.js:19:17:19:35 | req.param("wobble") | express.js:19:9:19:13 | taint | provenance |  |
| express.js:27:9:27:13 | taint | express.js:36:15:36:19 | taint | provenance |  |
| express.js:27:17:27:35 | req.param("wobble") | express.js:27:9:27:13 | taint | provenance |  |
| express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | provenance |  |
| fastify.js:4:9:4:17 | userInput | fastify.js:5:44:5:52 | userInput | provenance |  |
| fastify.js:4:21:4:33 | request.query | fastify.js:4:9:4:17 | userInput | provenance |  |
| fastify.js:4:21:4:43 | request ... Request | fastify.js:4:9:4:17 | userInput | provenance |  |
| fastify.js:9:9:9:17 | userInput | fastify.js:10:44:10:52 | userInput | provenance |  |
| fastify.js:9:21:9:33 | request.query | fastify.js:9:9:9:17 | userInput | provenance |  |
| fastify.js:9:21:9:40 | request.query.onSend | fastify.js:9:9:9:17 | userInput | provenance |  |
| fastify.js:15:9:15:17 | userInput | fastify.js:16:44:16:52 | userInput | provenance |  |
| fastify.js:15:21:15:33 | request.query | fastify.js:15:9:15:17 | userInput | provenance |  |
| fastify.js:15:21:15:44 | request ... Parsing | fastify.js:15:9:15:17 | userInput | provenance |  |
| fastify.js:21:9:21:17 | userInput | fastify.js:22:44:22:52 | userInput | provenance |  |
| fastify.js:21:21:21:33 | request.query | fastify.js:21:9:21:17 | userInput | provenance |  |
| fastify.js:21:21:21:47 | request ... idation | fastify.js:21:9:21:17 | userInput | provenance |  |
| fastify.js:26:9:26:17 | userInput | fastify.js:27:44:27:52 | userInput | provenance |  |
| fastify.js:26:21:26:33 | request.query | fastify.js:26:9:26:17 | userInput | provenance |  |
| fastify.js:26:21:26:44 | request ... Handler | fastify.js:26:9:26:17 | userInput | provenance |  |
| fastify.js:31:9:31:17 | userInput | fastify.js:32:44:32:52 | userInput | provenance |  |
| fastify.js:31:21:31:33 | request.query | fastify.js:31:9:31:17 | userInput | provenance |  |
| fastify.js:31:21:31:50 | request ... ization | fastify.js:31:9:31:17 | userInput | provenance |  |
| fastify.js:37:9:37:17 | userInput | fastify.js:38:44:38:52 | userInput | provenance |  |
| fastify.js:37:21:37:33 | request.query | fastify.js:37:9:37:17 | userInput | provenance |  |
| fastify.js:37:21:37:44 | request ... esponse | fastify.js:37:9:37:17 | userInput | provenance |  |
| fastify.js:42:9:42:17 | userInput | fastify.js:43:44:43:52 | userInput | provenance |  |
| fastify.js:42:21:42:33 | request.query | fastify.js:42:9:42:17 | userInput | provenance |  |
| fastify.js:42:21:42:41 | request ... onError | fastify.js:42:9:42:17 | userInput | provenance |  |
| fastify.js:47:9:47:17 | userInput | fastify.js:48:44:48:52 | userInput | provenance |  |
| fastify.js:47:21:47:33 | request.query | fastify.js:47:9:47:17 | userInput | provenance |  |
| fastify.js:47:21:47:43 | request ... Timeout | fastify.js:47:9:47:17 | userInput | provenance |  |
| fastify.js:52:11:52:19 | userInput | fastify.js:53:46:53:54 | userInput | provenance |  |
| fastify.js:52:23:52:35 | request.query | fastify.js:52:11:52:19 | userInput | provenance |  |
| fastify.js:52:23:52:50 | request ... stAbort | fastify.js:52:11:52:19 | userInput | provenance |  |
| fastify.js:57:9:57:17 | userInput | fastify.js:58:44:58:52 | userInput | provenance |  |
| fastify.js:57:9:57:17 | userInput | fastify.js:59:23:59:31 | userInput | provenance |  |
| fastify.js:57:21:57:33 | request.query | fastify.js:57:9:57:17 | userInput | provenance |  |
| fastify.js:57:21:57:39 | request.query.input | fastify.js:57:9:57:17 | userInput | provenance |  |
| fastify.js:66:24:66:36 | request.query | fastify.js:66:24:66:47 | request ... redCode | provenance |  |
| fastify.js:66:24:66:47 | request ... redCode | fastify.js:71:34:71:51 | request.storedCode | provenance |  |
| fastify.js:79:20:79:32 | request.query | fastify.js:79:20:79:42 | request ... plyCode | provenance |  |
| fastify.js:79:20:79:42 | request ... plyCode | fastify.js:84:30:84:43 | reply.userCode | provenance |  |
| fastify.js:94:29:94:41 | request.query | fastify.js:94:29:94:51 | request ... plyCode | provenance |  |
| fastify.js:94:29:94:51 | request ... plyCode | fastify.js:99:30:99:52 | reply.l ... tedCode | provenance |  |
| fastify.js:94:29:94:51 | request ... plyCode | fastify.js:108:28:108:50 | reply.l ... tedCode | provenance |  |
| fastify.js:106:9:106:17 | userInput | fastify.js:107:23:107:31 | userInput | provenance |  |
| fastify.js:106:21:106:33 | request.query | fastify.js:106:9:106:17 | userInput | provenance |  |
| fastify.js:106:21:106:38 | request.query.code | fastify.js:106:9:106:17 | userInput | provenance |  |
| graph-ql.js:18:10:18:17 | { expr } | graph-ql.js:18:12:18:15 | expr | provenance |  |
| graph-ql.js:18:12:18:15 | expr | graph-ql.js:20:19:20:22 | expr | provenance |  |
| graph-ql.js:28:9:28:28 | { query, variables } | graph-ql.js:28:11:28:15 | query | provenance |  |
| graph-ql.js:28:9:28:28 | { query, variables } | graph-ql.js:28:18:28:26 | variables | provenance |  |
| graph-ql.js:28:11:28:15 | query | graph-ql.js:31:13:31:17 | query | provenance |  |
| graph-ql.js:28:18:28:26 | variables | graph-ql.js:33:21:33:29 | variables | provenance |  |
| graph-ql.js:28:18:28:26 | variables | graph-ql.js:54:21:54:29 | variables | provenance |  |
| graph-ql.js:28:32:28:39 | req.body | graph-ql.js:28:9:28:28 | { query, variables } | provenance |  |
| graph-ql.js:31:13:31:17 | query | graph-ql.js:18:10:18:17 | { expr } | provenance |  |
| graph-ql.js:33:21:33:29 | variables | graph-ql.js:18:10:18:17 | { expr } | provenance |  |
| graph-ql.js:38:13:38:27 | { name, title } | graph-ql.js:38:15:38:18 | name | provenance |  |
| graph-ql.js:38:13:38:27 | { name, title } | graph-ql.js:38:21:38:25 | title | provenance |  |
| graph-ql.js:38:15:38:18 | name | graph-ql.js:39:19:39:22 | name | provenance |  |
| graph-ql.js:38:21:38:25 | title | graph-ql.js:39:26:39:30 | title | provenance |  |
| graph-ql.js:39:19:39:22 | name | graph-ql.js:39:19:39:30 | name + title | provenance |  |
| graph-ql.js:39:26:39:30 | title | graph-ql.js:39:19:39:30 | name + title | provenance |  |
| graph-ql.js:54:21:54:29 | variables | graph-ql.js:38:13:38:27 | { name, title } | provenance |  |
| graph-ql.js:65:22:65:30 | { value } | graph-ql.js:65:24:65:28 | value | provenance |  |
| graph-ql.js:65:24:65:28 | value | graph-ql.js:66:23:66:27 | value | provenance |  |
| react-native.js:7:7:7:13 | tainted | react-native.js:8:32:8:38 | tainted | provenance |  |
| react-native.js:7:7:7:13 | tainted | react-native.js:10:23:10:29 | tainted | provenance |  |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:13 | tainted | provenance |  |
| react-server-function.js:3:35:3:35 | x | react-server-function.js:4:12:4:12 | x | provenance |  |
| react-server-function.js:4:12:4:12 | x | react-server-function.js:4:12:4:29 | x + " from server" | provenance |  |
| react-server-function.js:4:12:4:29 | x + " from server" | react.js:24:20:24:44 | echoSer ... value") [PromiseValue] | provenance |  |
| react.js:24:9:24:12 | data | react.js:25:8:25:11 | data | provenance |  |
| react.js:24:16:24:45 | use(ech ... alue")) | react.js:24:9:24:12 | data | provenance |  |
| react.js:24:20:24:44 | echoSer ... value") [PromiseValue] | react.js:24:16:24:45 | use(ech ... alue")) | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance |  |
| template-sinks.js:18:9:18:15 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance |  |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:15 | tainted | provenance |  |
| tst.js:1:6:1:27 | documen ... on.href | tst.js:1:6:1:83 | documen ... t=")+8) | provenance |  |
| tst.js:11:10:11:33 | documen ... .search | tst.js:11:10:11:74 | documen ... , "$1") | provenance |  |
| tst.js:17:11:17:32 | documen ... on.hash | tst.js:17:11:17:45 | documen ... ring(1) | provenance |  |
| tst.js:17:11:17:45 | documen ... ring(1) | tst.js:17:6:17:46 | atob(do ... ing(1)) | provenance |  |
| tst.js:19:26:19:40 | location.search | tst.js:19:26:19:53 | locatio ... ring(1) | provenance |  |
| tst.js:22:9:22:14 | source | tst.js:24:18:24:23 | source | provenance |  |
| tst.js:22:9:22:14 | source | tst.js:26:14:26:19 | source | provenance |  |
| tst.js:22:9:22:14 | source | tst.js:28:28:28:33 | source | provenance |  |
| tst.js:22:9:22:14 | source | tst.js:30:33:30:38 | source | provenance |  |
| tst.js:22:18:22:41 | documen ... .search | tst.js:22:18:22:82 | documen ... , "$1") | provenance |  |
| tst.js:22:18:22:82 | documen ... , "$1") | tst.js:22:9:22:14 | source | provenance |  |
nodes
| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body |
| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message |
| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search |
| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search |
| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search |
| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search |
| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search |
| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search |
| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search |
| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search |
| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search |
| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search |
| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search |
| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search |
| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search |
| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search |
| express.js:6:24:6:69 | "return ...  + "];" | semmle.label | "return ...  + "];" |
| express.js:6:44:6:62 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:7:34:7:79 | "return ...  + "];" | semmle.label | "return ...  + "];" |
| express.js:7:54:7:72 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:9:8:9:53 | "return ...  + "];" | semmle.label | "return ...  + "];" |
| express.js:9:28:9:46 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:11:22:11:54 | req.par ... ction") | semmle.label | req.par ... ction") |
| express.js:12:30:12:53 | req.par ... cript") | semmle.label | req.par ... cript") |
| express.js:13:37:13:70 | req.par ... odule") | semmle.label | req.par ... odule") |
| express.js:14:19:14:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
| express.js:19:9:19:13 | taint | semmle.label | taint |
| express.js:19:17:19:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:20:34:20:38 | taint | semmle.label | taint |
| express.js:27:9:27:13 | taint | semmle.label | taint |
| express.js:27:17:27:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:36:15:36:19 | taint | semmle.label | taint |
| express.js:42:30:42:32 | msg | semmle.label | msg |
| express.js:43:10:43:12 | msg | semmle.label | msg |
| fastify.js:4:9:4:17 | userInput | semmle.label | userInput |
| fastify.js:4:21:4:33 | request.query | semmle.label | request.query |
| fastify.js:4:21:4:43 | request ... Request | semmle.label | request ... Request |
| fastify.js:5:44:5:52 | userInput | semmle.label | userInput |
| fastify.js:9:9:9:17 | userInput | semmle.label | userInput |
| fastify.js:9:21:9:33 | request.query | semmle.label | request.query |
| fastify.js:9:21:9:40 | request.query.onSend | semmle.label | request.query.onSend |
| fastify.js:10:44:10:52 | userInput | semmle.label | userInput |
| fastify.js:15:9:15:17 | userInput | semmle.label | userInput |
| fastify.js:15:21:15:33 | request.query | semmle.label | request.query |
| fastify.js:15:21:15:44 | request ... Parsing | semmle.label | request ... Parsing |
| fastify.js:16:44:16:52 | userInput | semmle.label | userInput |
| fastify.js:21:9:21:17 | userInput | semmle.label | userInput |
| fastify.js:21:21:21:33 | request.query | semmle.label | request.query |
| fastify.js:21:21:21:47 | request ... idation | semmle.label | request ... idation |
| fastify.js:22:44:22:52 | userInput | semmle.label | userInput |
| fastify.js:26:9:26:17 | userInput | semmle.label | userInput |
| fastify.js:26:21:26:33 | request.query | semmle.label | request.query |
| fastify.js:26:21:26:44 | request ... Handler | semmle.label | request ... Handler |
| fastify.js:27:44:27:52 | userInput | semmle.label | userInput |
| fastify.js:31:9:31:17 | userInput | semmle.label | userInput |
| fastify.js:31:21:31:33 | request.query | semmle.label | request.query |
| fastify.js:31:21:31:50 | request ... ization | semmle.label | request ... ization |
| fastify.js:32:44:32:52 | userInput | semmle.label | userInput |
| fastify.js:37:9:37:17 | userInput | semmle.label | userInput |
| fastify.js:37:21:37:33 | request.query | semmle.label | request.query |
| fastify.js:37:21:37:44 | request ... esponse | semmle.label | request ... esponse |
| fastify.js:38:44:38:52 | userInput | semmle.label | userInput |
| fastify.js:42:9:42:17 | userInput | semmle.label | userInput |
| fastify.js:42:21:42:33 | request.query | semmle.label | request.query |
| fastify.js:42:21:42:41 | request ... onError | semmle.label | request ... onError |
| fastify.js:43:44:43:52 | userInput | semmle.label | userInput |
| fastify.js:47:9:47:17 | userInput | semmle.label | userInput |
| fastify.js:47:21:47:33 | request.query | semmle.label | request.query |
| fastify.js:47:21:47:43 | request ... Timeout | semmle.label | request ... Timeout |
| fastify.js:48:44:48:52 | userInput | semmle.label | userInput |
| fastify.js:52:11:52:19 | userInput | semmle.label | userInput |
| fastify.js:52:23:52:35 | request.query | semmle.label | request.query |
| fastify.js:52:23:52:50 | request ... stAbort | semmle.label | request ... stAbort |
| fastify.js:53:46:53:54 | userInput | semmle.label | userInput |
| fastify.js:57:9:57:17 | userInput | semmle.label | userInput |
| fastify.js:57:21:57:33 | request.query | semmle.label | request.query |
| fastify.js:57:21:57:39 | request.query.input | semmle.label | request.query.input |
| fastify.js:58:44:58:52 | userInput | semmle.label | userInput |
| fastify.js:59:23:59:31 | userInput | semmle.label | userInput |
| fastify.js:66:24:66:36 | request.query | semmle.label | request.query |
| fastify.js:66:24:66:47 | request ... redCode | semmle.label | request ... redCode |
| fastify.js:71:34:71:51 | request.storedCode | semmle.label | request.storedCode |
| fastify.js:79:20:79:32 | request.query | semmle.label | request.query |
| fastify.js:79:20:79:42 | request ... plyCode | semmle.label | request ... plyCode |
| fastify.js:84:30:84:43 | reply.userCode | semmle.label | reply.userCode |
| fastify.js:94:29:94:41 | request.query | semmle.label | request.query |
| fastify.js:94:29:94:51 | request ... plyCode | semmle.label | request ... plyCode |
| fastify.js:99:30:99:52 | reply.l ... tedCode | semmle.label | reply.l ... tedCode |
| fastify.js:106:9:106:17 | userInput | semmle.label | userInput |
| fastify.js:106:21:106:33 | request.query | semmle.label | request.query |
| fastify.js:106:21:106:38 | request.query.code | semmle.label | request.query.code |
| fastify.js:107:23:107:31 | userInput | semmle.label | userInput |
| fastify.js:108:28:108:50 | reply.l ... tedCode | semmle.label | reply.l ... tedCode |
| graph-ql.js:18:10:18:17 | { expr } | semmle.label | { expr } |
| graph-ql.js:18:12:18:15 | expr | semmle.label | expr |
| graph-ql.js:20:19:20:22 | expr | semmle.label | expr |
| graph-ql.js:28:9:28:28 | { query, variables } | semmle.label | { query, variables } |
| graph-ql.js:28:11:28:15 | query | semmle.label | query |
| graph-ql.js:28:18:28:26 | variables | semmle.label | variables |
| graph-ql.js:28:32:28:39 | req.body | semmle.label | req.body |
| graph-ql.js:31:13:31:17 | query | semmle.label | query |
| graph-ql.js:33:21:33:29 | variables | semmle.label | variables |
| graph-ql.js:38:13:38:27 | { name, title } | semmle.label | { name, title } |
| graph-ql.js:38:15:38:18 | name | semmle.label | name |
| graph-ql.js:38:21:38:25 | title | semmle.label | title |
| graph-ql.js:39:19:39:22 | name | semmle.label | name |
| graph-ql.js:39:19:39:30 | name + title | semmle.label | name + title |
| graph-ql.js:39:26:39:30 | title | semmle.label | title |
| graph-ql.js:54:21:54:29 | variables | semmle.label | variables |
| graph-ql.js:65:22:65:30 | { value } | semmle.label | { value } |
| graph-ql.js:65:24:65:28 | value | semmle.label | value |
| graph-ql.js:66:23:66:27 | value | semmle.label | value |
| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code |
| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code |
| react-native.js:7:7:7:13 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
| react-native.js:8:32:8:38 | tainted | semmle.label | tainted |
| react-native.js:10:23:10:29 | tainted | semmle.label | tainted |
| react-server-function.js:3:35:3:35 | x | semmle.label | x |
| react-server-function.js:4:12:4:12 | x | semmle.label | x |
| react-server-function.js:4:12:4:29 | x + " from server" | semmle.label | x + " from server" |
| react.js:11:56:11:77 | documen ... on.hash | semmle.label | documen ... on.hash |
| react.js:24:9:24:12 | data | semmle.label | data |
| react.js:24:16:24:45 | use(ech ... alue")) | semmle.label | use(ech ... alue")) |
| react.js:24:20:24:44 | echoSer ... value") [PromiseValue] | semmle.label | echoSer ... value") [PromiseValue] |
| react.js:25:8:25:11 | data | semmle.label | data |
| template-sinks.js:18:9:18:15 | tainted | semmle.label | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo |
| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted |
| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted |
| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted |
| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted |
| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted |
| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted |
| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted |
| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted |
| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted |
| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted |
| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted |
| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted |
| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted |
| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted |
| tst.js:1:6:1:27 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:1:6:1:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
| tst.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:11:10:11:33 | documen ... .search | semmle.label | documen ... .search |
| tst.js:11:10:11:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
| tst.js:13:21:13:42 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:15:30:15:51 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:17:6:17:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
| tst.js:17:11:17:32 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:17:11:17:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst.js:19:26:19:40 | location.search | semmle.label | location.search |
| tst.js:19:26:19:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
| tst.js:22:9:22:14 | source | semmle.label | source |
| tst.js:22:18:22:41 | documen ... .search | semmle.label | documen ... .search |
| tst.js:22:18:22:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
| tst.js:24:18:24:23 | source | semmle.label | source |
| tst.js:26:14:26:19 | source | semmle.label | source |
| tst.js:28:28:28:33 | source | semmle.label | source |
| tst.js:30:33:30:38 | source | semmle.label | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash |
subpaths