hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
cc8fe1080175c0bfa25463c3f82779ab8536f276
codeql/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected
Asger F cc8fe10801 JS: Update locations in expected files
2025-08-29 12:03:11 +02:00

66 lines
9.6 KiB
Plaintext
Raw Blame History

#select
| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | Call to external-lib() [param *] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | Call to external-lib() [param *] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | Call to lodash.merge() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
edges
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | |
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | provenance | |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [x] | provenance | |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | provenance | |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [y] | provenance | |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | provenance | |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [z] | provenance | |
nodes
| tst-UntrustedDataToExternalAPI.js:3:5:3:13 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name |
| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | semmle.label | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | semmle.label | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | semmle.label | {\\n ... } [z] |
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | semmle.label | { // $ ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [x] | semmle.label | { // $ ... usted\\n} [x] |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [y] | semmle.label | { // $ ... usted\\n} [y] |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [z] | semmle.label | { // $ ... usted\\n} [z] |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted |
subpaths
Reference in New Issue View Git Blame Copy Permalink