hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b18de9e6417c60b51d2371c98394f4033d2683e4
codeql/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.expected
Stephan Brandauer ac097d5f2a fix now-broken tests
2022-09-01 16:05:35 +02:00

563 lines
52 KiB
Plaintext
Raw Blame History

endpoints
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | NosqlInjection | hasFlowFromSource | false | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | NosqlInjection | isConstantExpression | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | NosqlInjection | isExcludedFromEndToEndEvaluation | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | NosqlInjection | notASinkReason | LoggerMethod | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | NosqlInjection | sinkLabel | NotASink | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | SqlInjection | hasFlowFromSource | false | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | SqlInjection | isConstantExpression | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | SqlInjection | isExcludedFromEndToEndEvaluation | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | SqlInjection | notASinkReason | LoggerMethod | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | SqlInjection | sinkLabel | NotASink | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | TaintedPath | hasFlowFromSource | false | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | TaintedPath | isConstantExpression | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | TaintedPath | isExcludedFromEndToEndEvaluation | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | TaintedPath | notASinkReason | LoggerMethod | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | TaintedPath | sinkLabel | NotASink | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | Xss | hasFlowFromSource | false | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | Xss | isConstantExpression | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | Xss | isExcludedFromEndToEndEvaluation | true | boolean |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | Xss | notASinkReason | LoggerMethod | string |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | Xss | sinkLabel | NotASink | string |
| index.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean |
| index.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string |
| index.js:2:26:2:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean |
| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:2:26:2:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string |
| index.js:3:29:3:34 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:3:29:3:34 | 'User' | NosqlInjection | isConstantExpression | true | boolean |
| index.js:3:29:3:34 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:29:3:34 | 'User' | NosqlInjection | sinkLabel | Unknown | string |
| index.js:3:29:3:34 | 'User' | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:3:29:3:34 | 'User' | SqlInjection | isConstantExpression | true | boolean |
| index.js:3:29:3:34 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:29:3:34 | 'User' | SqlInjection | sinkLabel | Unknown | string |
| index.js:3:29:3:34 | 'User' | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:3:29:3:34 | 'User' | TaintedPath | isConstantExpression | true | boolean |
| index.js:3:29:3:34 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:29:3:34 | 'User' | TaintedPath | sinkLabel | Unknown | string |
| index.js:3:29:3:34 | 'User' | Xss | hasFlowFromSource | false | boolean |
| index.js:3:29:3:34 | 'User' | Xss | isConstantExpression | true | boolean |
| index.js:3:29:3:34 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:29:3:34 | 'User' | Xss | sinkLabel | Unknown | string |
| index.js:3:37:3:40 | null | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:3:37:3:40 | null | NosqlInjection | isConstantExpression | true | boolean |
| index.js:3:37:3:40 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:37:3:40 | null | NosqlInjection | sinkLabel | Unknown | string |
| index.js:3:37:3:40 | null | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:3:37:3:40 | null | SqlInjection | isConstantExpression | true | boolean |
| index.js:3:37:3:40 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:37:3:40 | null | SqlInjection | sinkLabel | Unknown | string |
| index.js:3:37:3:40 | null | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:3:37:3:40 | null | TaintedPath | isConstantExpression | true | boolean |
| index.js:3:37:3:40 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:37:3:40 | null | TaintedPath | sinkLabel | Unknown | string |
| index.js:3:37:3:40 | null | Xss | hasFlowFromSource | false | boolean |
| index.js:3:37:3:40 | null | Xss | isConstantExpression | true | boolean |
| index.js:3:37:3:40 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:3:37:3:40 | null | Xss | sinkLabel | Unknown | string |
| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean |
| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string |
| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean |
| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string |
| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean |
| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string |
| index.js:8:12:8:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean |
| index.js:8:12:8:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:12:8:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string |
| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | sinkLabel | Unknown | string |
| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | isConstantExpression | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | sinkLabel | Unknown | string |
| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | isConstantExpression | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | sinkLabel | Unknown | string |
| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | hasFlowFromSource | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | isConstantExpression | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | sinkLabel | Unknown | string |
| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | hasFlowFromSource | true | boolean |
| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | sinkLabel | Sink | string |
| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | sinkLabel | Unknown | string |
| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | sinkLabel | Unknown | string |
| index.js:9:28:9:43 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | Xss | isConstantExpression | false | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:9:28:9:43 | req.body.isAdmin | Xss | sinkLabel | Unknown | string |
| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean |
| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string |
| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean |
| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string |
| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean |
| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string |
| index.js:14:12:14:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean |
| index.js:14:12:14:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:12:14:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string |
| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | sinkLabel | Unknown | string |
| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | isConstantExpression | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | sinkLabel | Unknown | string |
| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | isConstantExpression | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | sinkLabel | Unknown | string |
| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | hasFlowFromSource | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | isConstantExpression | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | sinkLabel | Unknown | string |
| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | hasFlowFromSource | true | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isConstantExpression | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | notASinkReason | LoggerMethod | string |
| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | sinkLabel | NotASink | string |
| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | notASinkReason | LoggerMethod | string |
| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | sinkLabel | NotASink | string |
| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | notASinkReason | LoggerMethod | string |
| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | sinkLabel | NotASink | string |
| index.js:15:17:15:32 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | Xss | isConstantExpression | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:15:17:15:32 | req.body.isAdmin | Xss | notASinkReason | LoggerMethod | string |
| index.js:15:17:15:32 | req.body.isAdmin | Xss | sinkLabel | NotASink | string |
| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string |
| index.js:20:26:20:29 | true | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:20:26:20:29 | true | SqlInjection | isConstantExpression | true | boolean |
| index.js:20:26:20:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:20:26:20:29 | true | SqlInjection | sinkLabel | Unknown | string |
| index.js:20:26:20:29 | true | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:20:26:20:29 | true | TaintedPath | isConstantExpression | true | boolean |
| index.js:20:26:20:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:20:26:20:29 | true | TaintedPath | sinkLabel | Unknown | string |
| index.js:20:26:20:29 | true | Xss | hasFlowFromSource | false | boolean |
| index.js:20:26:20:29 | true | Xss | isConstantExpression | true | boolean |
| index.js:20:26:20:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:20:26:20:29 | true | Xss | sinkLabel | Unknown | string |
| index.js:24:13:24:22 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:24:13:24:22 | "constant" | NosqlInjection | isConstantExpression | true | boolean |
| index.js:24:13:24:22 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:24:13:24:22 | "constant" | NosqlInjection | sinkLabel | Sink | string |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isConstantExpression | false | boolean |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | sinkLabel | Sink | string |
| index.js:32:15:32:24 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:32:15:32:24 | "someData" | NosqlInjection | isConstantExpression | true | boolean |
| index.js:32:15:32:24 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:32:15:32:24 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string |
| index.js:32:15:32:24 | "someData" | NosqlInjection | sinkLabel | NotASink | string |
| index.js:32:15:32:24 | "someData" | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:32:15:32:24 | "someData" | SqlInjection | isConstantExpression | true | boolean |
| index.js:32:15:32:24 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:32:15:32:24 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string |
| index.js:32:15:32:24 | "someData" | SqlInjection | sinkLabel | NotASink | string |
| index.js:32:15:32:24 | "someData" | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:32:15:32:24 | "someData" | TaintedPath | isConstantExpression | true | boolean |
| index.js:32:15:32:24 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:32:15:32:24 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string |
| index.js:32:15:32:24 | "someData" | TaintedPath | sinkLabel | NotASink | string |
| index.js:32:15:32:24 | "someData" | Xss | hasFlowFromSource | false | boolean |
| index.js:32:15:32:24 | "someData" | Xss | isConstantExpression | true | boolean |
| index.js:32:15:32:24 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:32:15:32:24 | "someData" | Xss | notASinkReason | LoggerMethod | string |
| index.js:32:15:32:24 | "someData" | Xss | sinkLabel | NotASink | string |
| index.js:36:20:36:22 | "a" | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:36:20:36:22 | "a" | NosqlInjection | isConstantExpression | true | boolean |
| index.js:36:20:36:22 | "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | ConstantReceiver | string |
| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | StringStartsWith | string |
| index.js:36:20:36:22 | "a" | NosqlInjection | sinkLabel | NotASink | string |
| index.js:36:20:36:22 | "a" | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:36:20:36:22 | "a" | SqlInjection | isConstantExpression | true | boolean |
| index.js:36:20:36:22 | "a" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | ConstantReceiver | string |
| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | StringStartsWith | string |
| index.js:36:20:36:22 | "a" | SqlInjection | sinkLabel | NotASink | string |
| index.js:36:20:36:22 | "a" | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:36:20:36:22 | "a" | TaintedPath | isConstantExpression | true | boolean |
| index.js:36:20:36:22 | "a" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | ConstantReceiver | string |
| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | StringStartsWith | string |
| index.js:36:20:36:22 | "a" | TaintedPath | sinkLabel | NotASink | string |
| index.js:36:20:36:22 | "a" | Xss | hasFlowFromSource | false | boolean |
| index.js:36:20:36:22 | "a" | Xss | isConstantExpression | true | boolean |
| index.js:36:20:36:22 | "a" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:36:20:36:22 | "a" | Xss | notASinkReason | ConstantReceiver | string |
| index.js:36:20:36:22 | "a" | Xss | notASinkReason | StringStartsWith | string |
| index.js:36:20:36:22 | "a" | Xss | sinkLabel | NotASink | string |
| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isConstantExpression | true | boolean |
| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | sinkLabel | Sink | string |
| index.js:78:30:78:39 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:78:30:78:39 | "someData" | NosqlInjection | isConstantExpression | true | boolean |
| index.js:78:30:78:39 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:78:30:78:39 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string |
| index.js:78:30:78:39 | "someData" | NosqlInjection | sinkLabel | NotASink | string |
| index.js:78:30:78:39 | "someData" | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:78:30:78:39 | "someData" | SqlInjection | isConstantExpression | true | boolean |
| index.js:78:30:78:39 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:78:30:78:39 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string |
| index.js:78:30:78:39 | "someData" | SqlInjection | sinkLabel | NotASink | string |
| index.js:78:30:78:39 | "someData" | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:78:30:78:39 | "someData" | TaintedPath | isConstantExpression | true | boolean |
| index.js:78:30:78:39 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:78:30:78:39 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string |
| index.js:78:30:78:39 | "someData" | TaintedPath | sinkLabel | NotASink | string |
| index.js:78:30:78:39 | "someData" | Xss | hasFlowFromSource | false | boolean |
| index.js:78:30:78:39 | "someData" | Xss | isConstantExpression | true | boolean |
| index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string |
| index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
tokenFeatures
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | CalleeFlexibleAccessPath | console.log |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | InputAccessPathFromCallee | |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | InputArgumentIndex | 0 |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | assignedToPropName | |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeImports | |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | contextFunctionInterfaces | should_be_ignored() |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | contextSurroundingFunctionParameters | () |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | enclosingFunctionBody | console log Should be ignored |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | enclosingFunctionName | should_be_ignored |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | fileImports | |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | receiverName | console |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | stringConcatenatedWith | |
| index.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
| index.js:1:25:1:33 | "express" | InputAccessPathFromCallee | |
| index.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
| index.js:1:25:1:33 | "express" | assignedToPropName | |
| index.js:1:25:1:33 | "express" | calleeImports | |
| index.js:1:25:1:33 | "express" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | |
| index.js:1:25:1:33 | "express" | enclosingFunctionBody | |
| index.js:1:25:1:33 | "express" | enclosingFunctionName | |
| index.js:1:25:1:33 | "express" | fileImports | express mongoose |
| index.js:1:25:1:33 | "express" | receiverName | |
| index.js:1:25:1:33 | "express" | stringConcatenatedWith | |
| index.js:2:26:2:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
| index.js:2:26:2:35 | 'mongoose' | InputAccessPathFromCallee | |
| index.js:2:26:2:35 | 'mongoose' | InputArgumentIndex | 0 |
| index.js:2:26:2:35 | 'mongoose' | assignedToPropName | |
| index.js:2:26:2:35 | 'mongoose' | calleeImports | |
| index.js:2:26:2:35 | 'mongoose' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:2:26:2:35 | 'mongoose' | contextSurroundingFunctionParameters | |
| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionBody | |
| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionName | |
| index.js:2:26:2:35 | 'mongoose' | fileImports | express mongoose |
| index.js:2:26:2:35 | 'mongoose' | receiverName | |
| index.js:2:26:2:35 | 'mongoose' | stringConcatenatedWith | |
| index.js:3:29:3:34 | 'User' | CalleeFlexibleAccessPath | mongoose.model |
| index.js:3:29:3:34 | 'User' | InputAccessPathFromCallee | |
| index.js:3:29:3:34 | 'User' | InputArgumentIndex | 0 |
| index.js:3:29:3:34 | 'User' | assignedToPropName | |
| index.js:3:29:3:34 | 'User' | calleeImports | mongoose |
| index.js:3:29:3:34 | 'User' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:3:29:3:34 | 'User' | contextSurroundingFunctionParameters | |
| index.js:3:29:3:34 | 'User' | enclosingFunctionBody | |
| index.js:3:29:3:34 | 'User' | enclosingFunctionName | |
| index.js:3:29:3:34 | 'User' | fileImports | express mongoose |
| index.js:3:29:3:34 | 'User' | receiverName | mongoose |
| index.js:3:29:3:34 | 'User' | stringConcatenatedWith | |
| index.js:3:37:3:40 | null | CalleeFlexibleAccessPath | mongoose.model |
| index.js:3:37:3:40 | null | InputAccessPathFromCallee | |
| index.js:3:37:3:40 | null | InputArgumentIndex | 1 |
| index.js:3:37:3:40 | null | assignedToPropName | |
| index.js:3:37:3:40 | null | calleeImports | mongoose |
| index.js:3:37:3:40 | null | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:3:37:3:40 | null | contextSurroundingFunctionParameters | |
| index.js:3:37:3:40 | null | enclosingFunctionBody | |
| index.js:3:37:3:40 | null | enclosingFunctionName | |
| index.js:3:37:3:40 | null | fileImports | express mongoose |
| index.js:3:37:3:40 | null | receiverName | mongoose |
| index.js:3:37:3:40 | null | stringConcatenatedWith | |
| index.js:8:12:8:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
| index.js:8:12:8:21 | '/isAdmin' | InputAccessPathFromCallee | |
| index.js:8:12:8:21 | '/isAdmin' | InputArgumentIndex | 0 |
| index.js:8:12:8:21 | '/isAdmin' | assignedToPropName | |
| index.js:8:12:8:21 | '/isAdmin' | calleeImports | express |
| index.js:8:12:8:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:8:12:8:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToSink |
| index.js:8:12:8:21 | '/isAdmin' | fileImports | express mongoose |
| index.js:8:12:8:21 | '/isAdmin' | receiverName | app |
| index.js:8:12:8:21 | '/isAdmin' | stringConcatenatedWith | |
| index.js:8:24:10:3 | (req, r ... });\\n } | CalleeFlexibleAccessPath | app.post |
| index.js:8:24:10:3 | (req, r ... });\\n } | InputAccessPathFromCallee | |
| index.js:8:24:10:3 | (req, r ... });\\n } | InputArgumentIndex | 1 |
| index.js:8:24:10:3 | (req, r ... });\\n } | assignedToPropName | |
| index.js:8:24:10:3 | (req, r ... });\\n } | calleeImports | express |
| index.js:8:24:10:3 | (req, r ... });\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:8:24:10:3 | (req, r ... });\\n } | contextSurroundingFunctionParameters | ()\n(req, res) |
| index.js:8:24:10:3 | (req, r ... });\\n } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
| index.js:8:24:10:3 | (req, r ... });\\n } | enclosingFunctionName | flowFromSourceToSink |
| index.js:8:24:10:3 | (req, r ... });\\n } | fileImports | express mongoose |
| index.js:8:24:10:3 | (req, r ... });\\n } | receiverName | app |
| index.js:8:24:10:3 | (req, r ... });\\n } | stringConcatenatedWith | |
| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee | |
| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 |
| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName | |
| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose |
| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) |
| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink |
| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose |
| index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User |
| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith | |
| index.js:9:28:9:43 | req.body.isAdmin | CalleeFlexibleAccessPath | User.find |
| index.js:9:28:9:43 | req.body.isAdmin | InputAccessPathFromCallee | 0.isAdmin |
| index.js:9:28:9:43 | req.body.isAdmin | InputArgumentIndex | 0 |
| index.js:9:28:9:43 | req.body.isAdmin | assignedToPropName | isAdmin |
| index.js:9:28:9:43 | req.body.isAdmin | calleeImports | mongoose |
| index.js:9:28:9:43 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:9:28:9:43 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToSink |
| index.js:9:28:9:43 | req.body.isAdmin | fileImports | express mongoose |
| index.js:9:28:9:43 | req.body.isAdmin | receiverName | |
| index.js:9:28:9:43 | req.body.isAdmin | stringConcatenatedWith | |
| index.js:14:12:14:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
| index.js:14:12:14:21 | '/isAdmin' | InputAccessPathFromCallee | |
| index.js:14:12:14:21 | '/isAdmin' | InputArgumentIndex | 0 |
| index.js:14:12:14:21 | '/isAdmin' | assignedToPropName | |
| index.js:14:12:14:21 | '/isAdmin' | calleeImports | express |
| index.js:14:12:14:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:14:12:14:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToNotASink |
| index.js:14:12:14:21 | '/isAdmin' | fileImports | express mongoose |
| index.js:14:12:14:21 | '/isAdmin' | receiverName | app |
| index.js:14:12:14:21 | '/isAdmin' | stringConcatenatedWith | |
| index.js:14:24:16:3 | (req, r ... n);\\n } | CalleeFlexibleAccessPath | app.post |
| index.js:14:24:16:3 | (req, r ... n);\\n } | InputAccessPathFromCallee | |
| index.js:14:24:16:3 | (req, r ... n);\\n } | InputArgumentIndex | 1 |
| index.js:14:24:16:3 | (req, r ... n);\\n } | assignedToPropName | |
| index.js:14:24:16:3 | (req, r ... n);\\n } | calleeImports | express |
| index.js:14:24:16:3 | (req, r ... n);\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:14:24:16:3 | (req, r ... n);\\n } | contextSurroundingFunctionParameters | ()\n(req, res) |
| index.js:14:24:16:3 | (req, r ... n);\\n } | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
| index.js:14:24:16:3 | (req, r ... n);\\n } | enclosingFunctionName | flowFromSourceToNotASink |
| index.js:14:24:16:3 | (req, r ... n);\\n } | fileImports | express mongoose |
| index.js:14:24:16:3 | (req, r ... n);\\n } | receiverName | app |
| index.js:14:24:16:3 | (req, r ... n);\\n } | stringConcatenatedWith | |
| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log |
| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee | |
| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 |
| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName | |
| index.js:15:17:15:32 | req.body.isAdmin | calleeImports | |
| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink |
| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose |
| index.js:15:17:15:32 | req.body.isAdmin | receiverName | console |
| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith | |
| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find |
| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee | |
| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 |
| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName | |
| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose |
| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () |
| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true |
| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource |
| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose |
| index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User |
| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith | |
| index.js:20:26:20:29 | true | CalleeFlexibleAccessPath | User.find |
| index.js:20:26:20:29 | true | InputAccessPathFromCallee | 0.isAdmin |
| index.js:20:26:20:29 | true | InputArgumentIndex | 0 |
| index.js:20:26:20:29 | true | assignedToPropName | isAdmin |
| index.js:20:26:20:29 | true | calleeImports | mongoose |
| index.js:20:26:20:29 | true | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:20:26:20:29 | true | contextSurroundingFunctionParameters | () |
| index.js:20:26:20:29 | true | enclosingFunctionBody | User find isAdmin true |
| index.js:20:26:20:29 | true | enclosingFunctionName | notFlowFromSource |
| index.js:20:26:20:29 | true | fileImports | express mongoose |
| index.js:20:26:20:29 | true | receiverName | |
| index.js:20:26:20:29 | true | stringConcatenatedWith | |
| index.js:24:13:24:22 | "constant" | CalleeFlexibleAccessPath | User.find |
| index.js:24:13:24:22 | "constant" | InputAccessPathFromCallee | |
| index.js:24:13:24:22 | "constant" | InputArgumentIndex | 0 |
| index.js:24:13:24:22 | "constant" | assignedToPropName | |
| index.js:24:13:24:22 | "constant" | calleeImports | mongoose |
| index.js:24:13:24:22 | "constant" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:24:13:24:22 | "constant" | contextSurroundingFunctionParameters | () |
| index.js:24:13:24:22 | "constant" | enclosingFunctionBody | User find constant |
| index.js:24:13:24:22 | "constant" | enclosingFunctionName | constantExpression |
| index.js:24:13:24:22 | "constant" | fileImports | express mongoose |
| index.js:24:13:24:22 | "constant" | receiverName | User |
| index.js:24:13:24:22 | "constant" | stringConcatenatedWith | |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee | |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName | |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith | |
| index.js:32:15:32:24 | "someData" | CalleeFlexibleAccessPath | console.log |
| index.js:32:15:32:24 | "someData" | InputAccessPathFromCallee | |
| index.js:32:15:32:24 | "someData" | InputArgumentIndex | 0 |
| index.js:32:15:32:24 | "someData" | assignedToPropName | |
| index.js:32:15:32:24 | "someData" | calleeImports | |
| index.js:32:15:32:24 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:32:15:32:24 | "someData" | contextSurroundingFunctionParameters | () |
| index.js:32:15:32:24 | "someData" | enclosingFunctionBody | console log someData |
| index.js:32:15:32:24 | "someData" | enclosingFunctionName | notASink |
| index.js:32:15:32:24 | "someData" | fileImports | express mongoose |
| index.js:32:15:32:24 | "someData" | receiverName | console |
| index.js:32:15:32:24 | "someData" | stringConcatenatedWith | |
| index.js:36:20:36:22 | "a" | CalleeFlexibleAccessPath | ?.startsWith |
| index.js:36:20:36:22 | "a" | InputAccessPathFromCallee | |
| index.js:36:20:36:22 | "a" | InputArgumentIndex | 0 |
| index.js:36:20:36:22 | "a" | assignedToPropName | |
| index.js:36:20:36:22 | "a" | calleeImports | |
| index.js:36:20:36:22 | "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:36:20:36:22 | "a" | contextSurroundingFunctionParameters | () |
| index.js:36:20:36:22 | "a" | enclosingFunctionBody | abc startsWith a |
| index.js:36:20:36:22 | "a" | enclosingFunctionName | notASinkMultipleReasons |
| index.js:36:20:36:22 | "a" | fileImports | express mongoose |
| index.js:36:20:36:22 | "a" | receiverName | |
| index.js:36:20:36:22 | "a" | stringConcatenatedWith | |
| index.js:41:13:68:61 | "a" + " ... " + "a" | CalleeFlexibleAccessPath | User.find |
| index.js:41:13:68:61 | "a" + " ... " + "a" | InputAccessPathFromCallee | |
| index.js:41:13:68:61 | "a" + " ... " + "a" | InputArgumentIndex | 0 |
| index.js:41:13:68:61 | "a" + " ... " + "a" | assignedToPropName | |
| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeImports | mongoose |
| index.js:41:13:68:61 | "a" + " ... " + "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:41:13:68:61 | "a" + " ... " + "a" | contextSurroundingFunctionParameters | () |
| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionBody | |
| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionName | veryLongFunctionBody |
| index.js:41:13:68:61 | "a" + " ... " + "a" | fileImports | express mongoose |
| index.js:41:13:68:61 | "a" + " ... " + "a" | receiverName | User |
| index.js:41:13:68:61 | "a" + " ... " + "a" | stringConcatenatedWith | |
| index.js:78:30:78:39 | "someData" | CalleeFlexibleAccessPath | console.log |
| index.js:78:30:78:39 | "someData" | InputAccessPathFromCallee | |
| index.js:78:30:78:39 | "someData" | InputArgumentIndex | 0 |
| index.js:78:30:78:39 | "someData" | assignedToPropName | |
| index.js:78:30:78:39 | "someData" | calleeImports | |
| index.js:78:30:78:39 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:78:30:78:39 | "someData" | contextSurroundingFunctionParameters | () |
| index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
| index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
| index.js:78:30:78:39 | "someData" | fileImports | express mongoose |
| index.js:78:30:78:39 | "someData" | receiverName | console |
| index.js:78:30:78:39 | "someData" | stringConcatenatedWith | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | CalleeFlexibleAccessPath | $.ajax |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | InputAccessPathFromCallee | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | InputArgumentIndex | 0 |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | assignedToPropName | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeImports | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | contextSurroundingFunctionParameters | (foo) |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | fileImports | express mongoose |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | receiverName | $ |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | stringConcatenatedWith | |
| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax |
| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url |
| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 |
| index.js:84:12:84:18 | foo.bar | assignedToPropName | url |
| index.js:84:12:84:18 | foo.bar | calleeImports | |
| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose |
| index.js:84:12:84:18 | foo.bar | receiverName | |
| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith | |
Reference in New Issue View Git Blame Copy Permalink