hohn/sarif-cli
1
0
Fork 0
mirror of https://github.com/hohn/sarif-cli.git synced 2025-12-16 09:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
mh-experimental-1
sarif-cli/data/treeio/test_set_1.yaml

2108 lines
83 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

$schema: https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json
version: 2.1.0
runs:
- tool:
driver:
name: LGTM.com
organization: Semmle
version: 1.29.0-SNAPSHOT
rules:
- id: com.lgtm/javascript-queries:js/unused-local-variable
name: com.lgtm/javascript-queries:js/unused-local-variable
shortDescription:
text: Unused variable, import, function or class
fullDescription:
text: Unused variables, imports, functions or classes may be a symptom of a bug and should be examined carefully.
defaultConfiguration:
enabled: true
level: note
properties:
tags:
- maintainability
kind: problem
precision: very-high
severity: recommendation
- id: com.lgtm/javascript-queries:js/property-access-on-non-object
name: com.lgtm/javascript-queries:js/property-access-on-non-object
shortDescription:
text: Property access on null or undefined
fullDescription:
text: Trying to access a property of "null" or "undefined" will result in a runtime exception.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- correctness
- external/cwe/cwe-476
kind: problem
precision: high
severity: error
- id: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class
name: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class
shortDescription:
text: Duplicate character in character class
fullDescription:
text: If a character class in a regular expression contains the same character twice, this may indicate a bug.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- reliability
- correctness
- regular-expressions
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/misleading-indentation-after-control-statement
name: com.lgtm/javascript-queries:js/misleading-indentation-after-control-statement
shortDescription:
text: Misleading indentation after control statement
fullDescription:
text: The body of a control statement should have appropriate indentation to clarify which statements it controls and which ones it does not control.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
- statistical
- non-attributable
- external/cwe/cwe-483
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/missing-variable-declaration
name: com.lgtm/javascript-queries:js/missing-variable-declaration
shortDescription:
text: Missing variable declaration
fullDescription:
text: If a variable is not declared as a local variable, it becomes a global variable by default, which may be unintentional and could lead to unexpected behavior.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- reliability
- maintainability
kind: problem
precision: high
severity: warning
- id: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else
name: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else
shortDescription:
text: Misleading indentation of dangling 'else'
fullDescription:
text: The 'else' clause of an 'if' statement should be aligned with the 'if' it belongs to.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- readability
- statistical
- non-attributable
- external/cwe/cwe-483
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/function-declaration-conflict
name: com.lgtm/javascript-queries:js/function-declaration-conflict
shortDescription:
text: Conflicting function declarations
fullDescription:
text: If two functions with the same name are declared in the same scope, one of the declarations overrides the other without warning. This makes the code hard to read and maintain, and may even lead to platform-dependent behavior.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- reliability
- correctness
- external/cwe/cwe-563
kind: problem
precision: high
severity: error
- id: com.lgtm/javascript-queries:js/variable-initialization-conflict
name: com.lgtm/javascript-queries:js/variable-initialization-conflict
shortDescription:
text: Conflicting variable initialization
fullDescription:
text: If a variable is declared and initialized twice inside the same variable declaration statement, the second initialization immediately overwrites the first one.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- reliability
- correctness
- external/cwe/cwe-563
kind: problem
precision: very-high
severity: error
- id: com.lgtm/javascript-queries:js/comparison-between-incompatible-types
name: com.lgtm/javascript-queries:js/comparison-between-incompatible-types
shortDescription:
text: Comparison between inconvertible types
fullDescription:
text: An equality comparison between two values that cannot be meaningfully converted to the same type will always yield 'false', and an inequality comparison will always yield 'true'.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- reliability
- correctness
- external/cwe/cwe-570
- external/cwe/cwe-571
kind: problem
precision: high
severity: warning
- id: com.lgtm/javascript-queries:js/automatic-semicolon-insertion
name: com.lgtm/javascript-queries:js/automatic-semicolon-insertion
shortDescription:
text: Semicolon insertion
fullDescription:
text: Code that uses automatic semicolon insertion inconsistently is hard to read and maintain.
defaultConfiguration:
enabled: true
level: note
properties:
tags:
- maintainability
- language-features
- statistical
- non-attributable
kind: problem
precision: very-high
severity: recommendation
- id: com.lgtm/javascript-queries:js/superfluous-trailing-arguments
name: com.lgtm/javascript-queries:js/superfluous-trailing-arguments
shortDescription:
text: Superfluous trailing arguments
fullDescription:
text: A function is invoked with extra trailing arguments that are ignored.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- correctness
- language-features
- external/cwe/cwe-685
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/overwritten-property
name: com.lgtm/javascript-queries:js/overwritten-property
shortDescription:
text: Overwritten property
fullDescription:
text: If an object literal has two properties with the same name, the second property overwrites the first one, which makes the code hard to understand and error-prone.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- reliability
- correctness
- external/cwe/cwe-563
kind: problem
precision: very-high
severity: error
- id: com.lgtm/javascript-queries:js/eval-like-call
name: com.lgtm/javascript-queries:js/eval-like-call
shortDescription:
text: Call to eval-like DOM function
fullDescription:
text: DOM functions that act like 'eval' and execute strings as code are dangerous and impede program analysis and understanding. Consequently, they should not be used.
defaultConfiguration:
enabled: true
level: note
properties:
tags:
- maintainability
- external/cwe/cwe-676
kind: problem
precision: very-high
severity: recommendation
- id: com.lgtm/javascript-queries:js/use-before-declaration
name: com.lgtm/javascript-queries:js/use-before-declaration
shortDescription:
text: Variable not declared before use
fullDescription:
text: Variables should be declared before their first use.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- readability
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/trivial-conditional
name: com.lgtm/javascript-queries:js/trivial-conditional
shortDescription:
text: Useless conditional
fullDescription:
text: If a conditional expression always evaluates to true or always evaluates to false, this suggests incomplete code or a logic error.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
- external/cwe/cwe-570
- external/cwe/cwe-571
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/useless-expression
name: com.lgtm/javascript-queries:js/useless-expression
shortDescription:
text: Expression has no effect
fullDescription:
text: An expression that has no effect and is used in a void context is most likely redundant and may indicate a bug.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- correctness
- external/cwe/cwe-480
- external/cwe/cwe-561
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/redundant-operation
name: com.lgtm/javascript-queries:js/redundant-operation
shortDescription:
text: Identical operands
fullDescription:
text: Passing identical, or seemingly identical, operands to an operator such as subtraction or conjunction may indicate a typo; even if it is intentional, it makes the code hard to read.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- reliability
- correctness
- external/cwe/cwe-480
- external/cwe/cwe-561
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/unreachable-statement
name: com.lgtm/javascript-queries:js/unreachable-statement
shortDescription:
text: Unreachable statement
fullDescription:
text: Unreachable statements are often indicative of missing code or latent bugs and should be avoided.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- correctness
- external/cwe/cwe-561
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/redundant-assignment
name: com.lgtm/javascript-queries:js/redundant-assignment
shortDescription:
text: Self assignment
fullDescription:
text: Assigning a variable to itself has no effect.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- reliability
- correctness
- external/cwe/cwe-480
- external/cwe/cwe-561
kind: problem
precision: high
severity: warning
- id: com.lgtm/javascript-queries:js/useless-assignment-to-local
name: com.lgtm/javascript-queries:js/useless-assignment-to-local
shortDescription:
text: Useless assignment to local variable
fullDescription:
text: An assignment to a local variable that is not used later on, or whose value is always overwritten, has no effect.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- external/cwe/cwe-563
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/implicit-operand-conversion
name: com.lgtm/javascript-queries:js/implicit-operand-conversion
shortDescription:
text: Implicit operand conversion
fullDescription:
text: Relying on implicit conversion of operands is error-prone and makes code hard to read.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- reliability
- readability
- external/cwe/cwe-704
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/duplicate-variable-declaration
name: com.lgtm/javascript-queries:js/duplicate-variable-declaration
shortDescription:
text: Duplicate variable declaration
fullDescription:
text: A variable declaration statement that declares the same variable twice is confusing and hard to maintain.
defaultConfiguration:
enabled: true
level: note
properties:
tags:
- maintainability
kind: problem
precision: very-high
severity: recommendation
- id: com.lgtm/javascript-queries:js/unsafe-external-link
name: com.lgtm/javascript-queries:js/unsafe-external-link
shortDescription:
text: Potentially unsafe external link
fullDescription:
text: External links that open in a new tab or window but do not specify link type 'noopener' or 'noreferrer' are a potential security risk.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- security
- external/cwe/cwe-200
- external/cwe/cwe-1022
kind: problem
precision: very-high
security-severity: "6.5"
severity: warning
- id: com.lgtm/javascript-queries:js/duplicate-html-attribute
name: com.lgtm/javascript-queries:js/duplicate-html-attribute
shortDescription:
text: Duplicate HTML element attributes
fullDescription:
text: Specifying the same attribute twice on the same HTML element is redundant and may indicate a copy-paste mistake.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
- readability
kind: problem
precision: very-high
severity: warning
- id: com.lgtm/javascript-queries:js/unknown-directive
name: com.lgtm/javascript-queries:js/unknown-directive
shortDescription:
text: Unknown directive
fullDescription:
text: An unknown directive has no effect and may indicate a misspelling.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
kind: problem
precision: high
severity: warning
- id: com.lgtm/javascript-queries:js/redos
name: com.lgtm/javascript-queries:js/redos
shortDescription:
text: Inefficient regular expression
fullDescription:
text: A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- security
- external/cwe/cwe-1333
- external/cwe/cwe-730
- external/cwe/cwe-400
kind: problem
precision: high
security-severity: "7.5"
severity: error
- id: com.lgtm/javascript-queries:js/incomplete-sanitization
name: com.lgtm/javascript-queries:js/incomplete-sanitization
shortDescription:
text: Incomplete string escaping or encoding
fullDescription:
text: A string transformer that does not replace or escape all occurrences of a meta-character may be ineffective.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
- security
- external/cwe/cwe-116
- external/cwe/cwe-020
kind: problem
precision: high
security-severity: "7.8"
severity: warning
- id: com.lgtm/javascript-queries:js/useless-assignment-to-property
name: com.lgtm/javascript-queries:js/useless-assignment-to-property
shortDescription:
text: Useless assignment to property
fullDescription:
text: An assignment to a property whose value is always overwritten has no effect.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- maintainability
kind: problem
precision: high
severity: warning
- id: com.lgtm/javascript-queries:js/incomplete-hostname-regexp
name: com.lgtm/javascript-queries:js/incomplete-hostname-regexp
shortDescription:
text: Incomplete regular expression for hostnames
fullDescription:
text: Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
- security
- external/cwe/cwe-020
kind: problem
precision: high
security-severity: "7.8"
severity: warning
- id: com.lgtm/javascript-queries:js/loop-iteration-skipped-due-to-shifting
name: com.lgtm/javascript-queries:js/loop-iteration-skipped-due-to-shifting
shortDescription:
text: Loop iteration skipped due to shifting
fullDescription:
text: Removing elements from an array while iterating over it can cause the loop to skip over some elements, unless the loop index is decremented accordingly.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
kind: problem
precision: high
severity: warning
- id: com.lgtm/javascript-queries:js/useless-regexp-character-escape
name: com.lgtm/javascript-queries:js/useless-regexp-character-escape
shortDescription:
text: Useless regular-expression character escape
fullDescription:
text: Prepending a backslash to an ordinary character in a string does not have any effect, and may make regular expressions constructed from this string behave unexpectedly.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- correctness
- security
- external/cwe/cwe-020
kind: problem
precision: high
security-severity: "7.8"
severity: error
- id: com.lgtm/javascript-queries:js/unsafe-jquery-plugin
name: com.lgtm/javascript-queries:js/unsafe-jquery-plugin
shortDescription:
text: Unsafe jQuery plugin
fullDescription:
text: A jQuery plugin that unintentionally constructs HTML from some of its options may be unsafe to use for clients.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- security
- external/cwe/cwe-079
- external/cwe/cwe-116
- frameworks/jquery
kind: path-problem
precision: high
security-severity: "6.1"
severity: warning
- id: com.lgtm/javascript-queries:js/xss-through-dom
name: com.lgtm/javascript-queries:js/xss-through-dom
shortDescription:
text: DOM text reinterpreted as HTML
fullDescription:
text: Reinterpreting text from the DOM as HTML can lead to a cross-site scripting vulnerability.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- security
- external/cwe/cwe-079
- external/cwe/cwe-116
kind: path-problem
precision: high
security-severity: "6.1"
severity: warning
- id: com.lgtm/javascript-queries:js/incomplete-multi-character-sanitization
name: com.lgtm/javascript-queries:js/incomplete-multi-character-sanitization
shortDescription:
text: Incomplete multi-character sanitization
fullDescription:
text: A sanitizer that removes a sequence of characters may reintroduce the dangerous sequence.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
- security
- external/cwe/cwe-116
- external/cwe/cwe-020
kind: problem
precision: high
security-severity: "7.8"
severity: warning
- id: com.lgtm/javascript-queries:js/html-constructed-from-input
name: com.lgtm/javascript-queries:js/html-constructed-from-input
shortDescription:
text: Unsafe HTML constructed from library input
fullDescription:
text: Using externally controlled strings to construct HTML might allow a malicious user to perform a cross-site scripting attack.
defaultConfiguration:
enabled: true
level: error
properties:
tags:
- security
- external/cwe/cwe-079
- external/cwe/cwe-116
kind: path-problem
precision: high
security-severity: "6.1"
severity: error
- id: com.lgtm/javascript-queries:js/bad-tag-filter
name: com.lgtm/javascript-queries:js/bad-tag-filter
shortDescription:
text: Bad HTML filtering regexp
fullDescription:
text: Matching HTML tags using regular expressions is hard to do right, and can easily lead to security issues.
defaultConfiguration:
enabled: true
level: warning
properties:
tags:
- correctness
- security
- external/cwe/cwe-116
- external/cwe/cwe-020
kind: problem
precision: high
security-severity: "7.8"
severity: warning
versionControlProvenance:
- repositoryUri: https://github.com/treeio/treeio.git
revisionId: bae3115f4015aad2cbc5ab45572232ceec990495
artifacts:
- location:
uri: static/js/fileuploader.js
uriBaseId: '%SRCROOT%'
index: 0
- location:
uri: static/js/hardtree.js
uriBaseId: '%SRCROOT%'
index: 1
- location:
uri: static/js/jquery-ui-1.10.3/demos/accordion/hoverintent.html
uriBaseId: '%SRCROOT%'
index: 2
- location:
uri: static/js/jquery.ganttView.js
uriBaseId: '%SRCROOT%'
index: 3
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/advimage/js/image.js
uriBaseId: '%SRCROOT%'
index: 4
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/advlink/js/advlink.js
uriBaseId: '%SRCROOT%'
index: 5
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/contextmenu/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 6
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/emotions/js/emotions.js
uriBaseId: '%SRCROOT%'
index: 7
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/fullpage/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 8
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/fullscreen/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 9
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/fullscreen/fullscreen.htm
uriBaseId: '%SRCROOT%'
index: 10
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/inlinepopups/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 11
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/layer/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 12
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/legacyoutput/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 13
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/lists/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 14
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/media/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 15
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/media/js/media.js
uriBaseId: '%SRCROOT%'
index: 16
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/noneditable/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 17
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/save/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 18
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/searchreplace/js/searchreplace.js
uriBaseId: '%SRCROOT%'
index: 19
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 20
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/style/js/props.js
uriBaseId: '%SRCROOT%'
index: 21
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/tabfocus/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 22
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/table/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 23
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/table/js/cell.js
uriBaseId: '%SRCROOT%'
index: 24
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/template/js/template.js
uriBaseId: '%SRCROOT%'
index: 25
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/visualchars/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 26
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/element_common.js
uriBaseId: '%SRCROOT%'
index: 27
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/editor_template_src.js
uriBaseId: '%SRCROOT%'
index: 28
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/anchor.js
uriBaseId: '%SRCROOT%'
index: 29
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/charmap.js
uriBaseId: '%SRCROOT%'
index: 30
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/color_picker.js
uriBaseId: '%SRCROOT%'
index: 31
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/image.js
uriBaseId: '%SRCROOT%'
index: 32
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/link.js
uriBaseId: '%SRCROOT%'
index: 33
- location:
uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js
uriBaseId: '%SRCROOT%'
index: 34
- location:
uri: static/js/tinymce/jscripts/tiny_mce/utils/editable_selects.js
uriBaseId: '%SRCROOT%'
index: 35
- location:
uri: static/js/tinymce/jscripts/tiny_mce/utils/mctabs.js
uriBaseId: '%SRCROOT%'
index: 36
- location:
uri: static/js/tinymce/jscripts/tiny_mce/utils/validate.js
uriBaseId: '%SRCROOT%'
index: 37
- location:
uri: static/mobile/jquery.mobile.scrollview.js
uriBaseId: '%SRCROOT%'
index: 38
- location:
uri: templates/html/core/billing/upgrade.html
uriBaseId: '%SRCROOT%'
index: 39
- location:
uri: static/js/12o_super_mini.js
uriBaseId: '%SRCROOT%'
index: 40
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 41
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/wordcount/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 42
- location:
uri: static/js/chat.js
uriBaseId: '%SRCROOT%'
index: 43
- location:
uri: static/js/jquery-ui-1.10.3/demos/effect/easing.html
uriBaseId: '%SRCROOT%'
index: 44
- location:
uri: static/js/jquery.gritter.js
uriBaseId: '%SRCROOT%'
index: 45
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/style/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 46
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/table/js/table.js
uriBaseId: '%SRCROOT%'
index: 47
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/template/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 48
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/attributes.js
uriBaseId: '%SRCROOT%'
index: 49
- location:
uri: static/js/tinymce/jscripts/tiny_mce/utils/form_utils.js
uriBaseId: '%SRCROOT%'
index: 50
- location:
uri: static/mobile/jquery.mobile.forms.ajaxform.js
uriBaseId: '%SRCROOT%'
index: 51
- location:
uri: static/js/colorbox/example1/index.html
uriBaseId: '%SRCROOT%'
index: 52
- location:
uri: static/js/colorbox/example2/index.html
uriBaseId: '%SRCROOT%'
index: 53
- location:
uri: static/js/colorbox/example3/index.html
uriBaseId: '%SRCROOT%'
index: 54
- location:
uri: static/js/colorbox/example4/index.html
uriBaseId: '%SRCROOT%'
index: 55
- location:
uri: static/js/colorbox/example5/index.html
uriBaseId: '%SRCROOT%'
index: 56
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/media/js/embed.js
uriBaseId: '%SRCROOT%'
index: 57
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/preview/jscripts/embed.js
uriBaseId: '%SRCROOT%'
index: 58
- location:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/preview/preview.html
uriBaseId: '%SRCROOT%'
index: 59
- location:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.resizable.js
uriBaseId: '%SRCROOT%'
index: 62
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.slider.js
uriBaseId: '%SRCROOT%'
index: 63
- location:
uri: static/js/tinymce/jscripts/tiny_mce/themes/simple/editor_template_src.js
uriBaseId: '%SRCROOT%'
index: 64
- location:
uri: templates/html/core/administration/settings_view.html
uriBaseId: '%SRCROOT%'
index: 65
- location:
uri: templates/html/core/database_setup.html
uriBaseId: '%SRCROOT%'
index: 66
- location:
uri: static/js/jquery.ba-serializeobject.js
uriBaseId: '%SRCROOT%'
index: 67
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.button.js
uriBaseId: '%SRCROOT%'
index: 68
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.tabs.js
uriBaseId: '%SRCROOT%'
index: 69
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.sortable.js
uriBaseId: '%SRCROOT%'
index: 70
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.droppable.js
uriBaseId: '%SRCROOT%'
index: 71
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js
uriBaseId: '%SRCROOT%'
index: 72
- location:
uri: static/js/jquery-ui-custom.js
uriBaseId: '%SRCROOT%'
index: 73
- location:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
- location:
uri: static/js/jquery-ui-1.10.3/demos/droppable/photo-manager.html
uriBaseId: '%SRCROOT%'
index: 75
- location:
uri: static/js/jquery-ui-1.10.3/demos/tabs/manipulation.html
uriBaseId: '%SRCROOT%'
index: 76
results:
- ruleId: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else
ruleIndex: 5
rule:
id: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else
index: 5
message:
text: This else branch belongs to [this if statement](1), but its indentation suggests it belongs to [this other if statement](2).
locations:
- physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js
uriBaseId: '%SRCROOT%'
index: 34
region:
startLine: 6760
startColumn: 4
endColumn: 8
partialFingerprints:
primaryLocationLineHash: 38642848f30192cb:1
primaryLocationStartColumnFingerprint: "0"
relatedLocations:
- id: 1
physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js
uriBaseId: '%SRCROOT%'
index: 34
region:
startLine: 6758
startColumn: 5
endColumn: 7
message:
text: this if statement
- id: 2
physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js
uriBaseId: '%SRCROOT%'
index: 34
region:
startLine: 6741
startColumn: 4
endColumn: 6
message:
text: this other if statement
- ruleId: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class
ruleIndex: 2
rule:
id: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class
index: 2
message:
text: |-
Character ''' is repeated [here](1) in the same character class.
Character ''' is repeated [here](2) in the same character class.
Character ''' is repeated [here](3) in the same character class.
locations:
- physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 41
region:
startLine: 722
startColumn: 72
endColumn: 73
partialFingerprints:
primaryLocationLineHash: 7820a043f81b48cd:1
primaryLocationStartColumnFingerprint: "65"
relatedLocations:
- id: 1
physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 41
region:
startLine: 722
startColumn: 74
endColumn: 75
message:
text: here
- id: 2
physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 41
region:
startLine: 722
startColumn: 76
endColumn: 77
message:
text: here
- id: 3
physicalLocation:
artifactLocation:
uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js
uriBaseId: '%SRCROOT%'
index: 41
region:
startLine: 722
startColumn: 78
endColumn: 79
message:
text: here
- ruleId: com.lgtm/javascript-queries:js/unsafe-jquery-plugin
ruleIndex: 31
rule:
id: com.lgtm/javascript-queries:js/unsafe-jquery-plugin
index: 31
message:
text: Potential XSS vulnerability in the ['$.fn.position' plugin](1).
locations:
- physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
region:
startLine: 126
startColumn: 15
endColumn: 25
partialFingerprints:
primaryLocationLineHash: cdbebfebc041366e:1
primaryLocationStartColumnFingerprint: "12"
codeFlows:
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
region:
startLine: 117
startColumn: 27
endColumn: 34
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
region:
startLine: 118
startColumn: 20
endColumn: 27
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
region:
startLine: 118
startColumn: 20
endColumn: 30
message:
text: options.of
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
region:
startLine: 126
startColumn: 15
endColumn: 25
message:
text: options.of
relatedLocations:
- id: 1
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js
uriBaseId: '%SRCROOT%'
index: 74
region:
startLine: 117
startColumn: 17
endLine: 295
endColumn: 2
message:
text: '''$.fn.position'' plugin'
- ruleId: com.lgtm/javascript-queries:js/unsafe-jquery-plugin
ruleIndex: 31
rule:
id: com.lgtm/javascript-queries:js/unsafe-jquery-plugin
index: 31
message:
text: |-
Potential XSS vulnerability in the ['$.fn.datepicker' plugin](1).
Potential XSS vulnerability in the ['$.fn.datepicker' plugin](2).
Potential XSS vulnerability in the ['$.fn.datepicker' plugin](3).
locations:
- physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
partialFingerprints:
primaryLocationLineHash: 862d0932c3f65e9c:1
primaryLocationStartColumnFingerprint: "2"
codeFlows:
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js
uriBaseId: '%SRCROOT%'
index: 72
region:
startLine: 9598
startColumn: 28
endColumn: 35
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js
uriBaseId: '%SRCROOT%'
index: 72
region:
startLine: 9629
startColumn: 41
endColumn: 48
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 139
startColumn: 38
endColumn: 46
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 40
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 46
message:
text: settings || {}
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 19
endColumn: 47
message:
text: $.exten ... || {})
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 15
endColumn: 42
message:
text: this._g ... Field")
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 4
endColumn: 42
message:
text: altField
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
message:
text: altField
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js
uriBaseId: '%SRCROOT%'
index: 72
region:
startLine: 9598
startColumn: 28
endColumn: 35
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js
uriBaseId: '%SRCROOT%'
index: 72
region:
startLine: 9629
startColumn: 41
endColumn: 48
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 139
startColumn: 38
endColumn: 46
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 40
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 46
message:
text: settings || {}
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 28
endColumn: 30
message:
text: '{}'
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 19
endColumn: 47
message:
text: $.exten ... || {})
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 15
endColumn: 42
message:
text: this._g ... Field")
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 4
endColumn: 42
message:
text: altField
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
message:
text: altField
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1998
startColumn: 28
endColumn: 35
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 2029
startColumn: 41
endColumn: 48
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 139
startColumn: 38
endColumn: 46
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 40
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 46
message:
text: settings || {}
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 19
endColumn: 47
message:
text: $.exten ... || {})
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 15
endColumn: 42
message:
text: this._g ... Field")
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 4
endColumn: 42
message:
text: altField
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
message:
text: altField
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1998
startColumn: 28
endColumn: 35
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 2029
startColumn: 41
endColumn: 48
message:
text: options
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 139
startColumn: 38
endColumn: 46
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 40
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 46
message:
text: settings || {}
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 28
endColumn: 30
message:
text: '{}'
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 19
endColumn: 47
message:
text: $.exten ... || {})
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 15
endColumn: 42
message:
text: this._g ... Field")
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 4
endColumn: 42
message:
text: altField
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
message:
text: altField
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-custom.js
uriBaseId: '%SRCROOT%'
index: 73
region:
startLine: 541
startColumn: 10
endColumn: 11
message:
text: a
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-custom.js
uriBaseId: '%SRCROOT%'
index: 73
region:
startLine: 542
startColumn: 154
endColumn: 155
message:
text: a
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 139
startColumn: 38
endColumn: 46
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 40
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 46
message:
text: settings || {}
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 19
endColumn: 47
message:
text: $.exten ... || {})
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 15
endColumn: 42
message:
text: this._g ... Field")
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 4
endColumn: 42
message:
text: altField
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
message:
text: altField
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-custom.js
uriBaseId: '%SRCROOT%'
index: 73
region:
startLine: 541
startColumn: 10
endColumn: 11
message:
text: a
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-custom.js
uriBaseId: '%SRCROOT%'
index: 73
region:
startLine: 542
startColumn: 154
endColumn: 155
message:
text: a
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 139
startColumn: 38
endColumn: 46
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 40
message:
text: settings
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 32
endColumn: 46
message:
text: settings || {}
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 28
endColumn: 30
message:
text: '{}'
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 148
startColumn: 19
endColumn: 47
message:
text: $.exten ... || {})
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 15
endColumn: 42
message:
text: this._g ... Field")
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1021
startColumn: 4
endColumn: 42
message:
text: altField
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1027
startColumn: 6
endColumn: 14
message:
text: altField
relatedLocations:
- id: 1
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js
uriBaseId: '%SRCROOT%'
index: 72
region:
startLine: 9598
startColumn: 19
endLine: 9631
endColumn: 2
message:
text: '''$.fn.datepicker'' plugin'
- id: 2
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js
uriBaseId: '%SRCROOT%'
index: 61
region:
startLine: 1998
startColumn: 19
endLine: 2031
endColumn: 2
message:
text: '''$.fn.datepicker'' plugin'
- id: 3
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-custom.js
uriBaseId: '%SRCROOT%'
index: 73
region:
startLine: 541
endLine: 542
endColumn: 159
message:
text: '''$.fn.datepicker'' plugin'
- ruleId: com.lgtm/javascript-queries:js/xss-through-dom
ruleIndex: 32
rule:
id: com.lgtm/javascript-queries:js/xss-through-dom
index: 32
message:
text: '[DOM text](1) is reinterpreted as HTML without escaping meta-characters.'
locations:
- physicalLocation:
artifactLocation:
uri: static/js/12o_super_mini.js
uriBaseId: '%SRCROOT%'
index: 40
region:
startLine: 4666
startColumn: 24
endColumn: 118
partialFingerprints:
primaryLocationLineHash: 4a980240eec311bb:1
primaryLocationStartColumnFingerprint: "20"
codeFlows:
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/12o_super_mini.js
uriBaseId: '%SRCROOT%'
index: 40
region:
startLine: 4666
startColumn: 54
endColumn: 68
message:
text: $(this).text()
- location:
physicalLocation:
artifactLocation:
uri: static/js/12o_super_mini.js
uriBaseId: '%SRCROOT%'
index: 40
region:
startLine: 4666
startColumn: 24
endColumn: 118
message:
text: '''<span ... /span>'''
relatedLocations:
- id: 1
physicalLocation:
artifactLocation:
uri: static/js/12o_super_mini.js
uriBaseId: '%SRCROOT%'
index: 40
region:
startLine: 4666
startColumn: 54
endColumn: 68
message:
text: DOM text
- ruleId: com.lgtm/javascript-queries:js/xss-through-dom
ruleIndex: 32
rule:
id: com.lgtm/javascript-queries:js/xss-through-dom
index: 32
message:
text: |-
[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
[DOM text](2) is reinterpreted as HTML without escaping meta-characters.
[DOM text](3) is reinterpreted as HTML without escaping meta-characters.
locations:
- physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 89
startColumn: 35
endLine: 93
endColumn: 14
partialFingerprints:
primaryLocationLineHash: b3f0d76a66d54a16:1
primaryLocationStartColumnFingerprint: "28"
codeFlows:
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 90
startColumn: 17
endColumn: 27
message:
text: name.val()
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 89
startColumn: 35
endLine: 93
endColumn: 14
message:
text: '"<tr>" ... "</tr>"'
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 91
startColumn: 17
endColumn: 28
message:
text: email.val()
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 89
startColumn: 35
endLine: 93
endColumn: 14
message:
text: '"<tr>" ... "</tr>"'
- threadFlows:
- locations:
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 92
startColumn: 17
endColumn: 31
message:
text: password.val()
- location:
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 89
startColumn: 35
endLine: 93
endColumn: 14
message:
text: '"<tr>" ... "</tr>"'
relatedLocations:
- id: 1
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 90
startColumn: 17
endColumn: 27
message:
text: DOM text
- id: 2
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 91
startColumn: 17
endColumn: 28
message:
text: DOM text
- id: 3
physicalLocation:
artifactLocation:
uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html
uriBaseId: '%SRCROOT%'
index: 60
region:
startLine: 92
startColumn: 17
endColumn: 31
message:
text: DOM text
newlineSequences:
- "\r\n"
- |2+
- ''
- ''
columnKind: utf16CodeUnits
properties:
semmle.formatSpecifier: 2.1.0
semmle.sourceLanguage: javascript
Reference in New Issue View Git Blame Copy Permalink